and VOP_SETEXTATTR to simplify calling from in-kernel consumers,
such as capability code.  Both accept a vnode (optionally locked,
with ioflg to indicate that), attribute name, and a buffer + buffer
length in UIO_SYSSPACE.  Both authorize the call as a kernel request,
with cred set to NULL for the actual VOP_ calls.