Add FreeBSD-specific capsicum feature sanity checks to Environment::SetUp

• Not all consumers build with CAPABILITIES enabled kernels, thus, we must check for the security_capabilities feature via feature_present(3) before running the tests. Otherwise, the test results are invalid.
• Check the kern.trap_enotcap sysctl to make sure it's disabled. If it's not disabled, skip the tests. Reason being is that it can trigger failures, as noted in https://github.com/google/capsicum-test/issues/23 by markj@.

This fixes the first TODO item in D19758.