chroot: Improve error message for unprivileged use

When the security.bsd.unprivileged_chroot sysctl is set, chroot(2) can
be used by unprivileged users as long as the PROC_NO_NEW_PRIVS_CTL
process control is set.

chroot(8) has a -n command line flag to set this process control.
Add an explicit error for EPERM from chroot(2) if the -n flag is
necessary, but not present.

Before:

$ chroot / /bin/sh
chroot: /: Operation not permitted

After:

$ chroot / /bin/sh
chroot: unprivileged use requires -n

Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51687