jail: Optionally allow audit session state to be configured in a jail

Description

jail: Optionally allow audit session state to be configured in a jail

Currently it is impossible for a privileged, jailed process to set audit
session state. This can result in surprising audit event misattribution.
For example, suppose a user ssh'es into a jail and restarts a service;
normally, sshd sets audit state such that events generated by the SSH
session are attributed to the newly authenticated user, but in a jail,
the corresponding setaudit(2) call fails, so events are attributed to
the user who had started sshd in the jail (typically the user who had
started the jail itself by some means).

While this behaviour is reasonable, administrators might want to trust
the jailed sshd to reset audit state, such that the authenticated user
appears in audit logs. Add a jail knob to enable this. Add a simple
regression test.

This is a reapplication of commit 246d7e9fc23928 following a revert.
The audit system calls must preserve the old behaviour of returning
ENOSYS if the system call is disallowed within a jail, as some
applications depend on that behaviour.

Reviewed by: kevans, jamie (previous version)
MFC after: 1 week
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D51719
Differential Revision: https://reviews.freebsd.org/D52572

Details

Provenance
markj, authored on Sep 15 2025, 5:23 PM
Reviewer
kevans
Differential Revision
D51719: jail: Optionally allow audit session state to be configured in a jail
Parents
rG67f3c0d6a575: dtraceall: Enable kinst for aarch64 and riscv as well