Nils Goroll authored

- Also (re)used to make fork privileges available when we start a subprocess: As we are going to apply the JAIL_SUBPROC privileges to the forked process, having slightly elevated privileges only across the fork() should not cause any harm.

- This concludes the current series of Solaris jail patches, hopefully.

With this commit, varnishd started with pfexec ("root privileges") keeps the following privileges only (ppriv -v output) on Solaris:

* master::

flags = PRIV_AWARE
E: file_read,file_write,net_access
I: none
P: file_read,file_write,net_access,net_privaddr,proc_exec,proc_fork,proc_info,proc_owner,proc_setid
L: file_read,file_write,net_access,net_privaddr,proc_exec,proc_fork,proc_info,proc_owner,proc_setid

notes:

E: file_read is required for basic config files like /etc/netconfig
   net_access is required for CLI communication
   file_write could potentially be removed if any file write operations (e.g. writing vcl files) were wrapped with JAIL_MASTER_FILE, but I do not consider this a relevant gain for now.
   For other master jail states, E will be momentarily expanded.
I: will be momentarily expanded for system()
P: Contains the union of all privileges used anywhere in varnish
L: Could potentially be reduced further, but P already limits

* worker::

flags = PRIV_AWARE
E: file_read,file_write,net_access
I: none
P: file_read,file_write,net_access,proc_info
L: file_read,file_write,net_access,proc_info,proc_setid

proc_setid is only used when the worker starts and then dropped
proc_info is only used by vmod_unix
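A practical way to verify that a running varnishd really keeps only the sets listed above is to diff a `ppriv -v` dump against an allowlist. The following checker is an added example, not varnish code: it parses the flags and E/I/P/L lines of one process, reports privileges that are present but not expected (or expected but absent), and sanity-checks the Solaris ordering E,I within P within L. The two dumps are constructed from the sets in the commit message (the pid and binary path are made up); the second one has proc_fork left in the worker on purpose so the check has something to flag.

```python
"""Compare a Solaris `ppriv -v` dump with the privilege sets a process should keep.

Added example for illustration; not part of varnish.  The sample dumps below are
constructed from the sets in the commit message, with a made-up pid and path.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Set

SET_NAMES = ("E", "I", "P", "L")

# Sets the commit message lists for the two process types.
EXPECTED_MASTER: Dict[str, Set[str]] = {
    "E": {"file_read", "file_write", "net_access"},
    "I": set(),
    "P": {"file_read", "file_write", "net_access", "net_privaddr", "proc_exec",
          "proc_fork", "proc_info", "proc_owner", "proc_setid"},
    "L": {"file_read", "file_write", "net_access", "net_privaddr", "proc_exec",
          "proc_fork", "proc_info", "proc_owner", "proc_setid"},
}
EXPECTED_WORKER: Dict[str, Set[str]] = {
    "E": {"file_read", "file_write", "net_access"},
    "I": set(),
    "P": {"file_read", "file_write", "net_access", "proc_info"},
    "L": {"file_read", "file_write", "net_access", "proc_info", "proc_setid"},
}

# Constructed worker dump matching the commit message.
SAMPLE_WORKER = """\
4242:   /usr/sbin/varnishd
flags = PRIV_AWARE
        E: file_read,file_write,net_access
        I: none
        P: file_read,file_write,net_access,proc_info
        L: file_read,file_write,net_access,proc_info,proc_setid
"""

# Constructed worker dump where proc_fork was never dropped (a regression to catch).
SAMPLE_WORKER_LEAK = """\
4243:   /usr/sbin/varnishd
flags = PRIV_AWARE
        E: file_read,file_write,net_access,proc_fork
        I: none
        P: file_read,file_write,net_access,proc_fork,proc_info
        L: file_read,file_write,net_access,proc_fork,proc_info,proc_setid
"""

_FLAGS_LINE = re.compile(r"^\s*flags\s*=\s*(.*?)\s*$")
_SET_LINE = re.compile(r"^\s*([EIPL]):\s*(.*?)\s*$")


@dataclass
class PrivState:
    flags: str = ""
    sets: Dict[str, Set[str]] = field(default_factory=dict)


def parse_ppriv(output: str) -> PrivState:
    """Parse the flags line and the four privilege-set lines of one process."""
    state = PrivState()
    for line in output.splitlines():
        m = _FLAGS_LINE.match(line)
        if m:
            state.flags = m.group(1)
            continue
        m = _SET_LINE.match(line)
        if m:
            name, body = m.groups()
            # ppriv prints the literal word "none" for an empty set
            state.sets[name] = set() if body == "none" else {p for p in body.split(",") if p}
    missing = [n for n in SET_NAMES if n not in state.sets]
    if missing:
        raise ValueError(f"ppriv output lacks privilege sets: {missing}")
    return state


def check_privs(state: PrivState, expected: Dict[str, Set[str]]) -> Dict[str, Dict[str, Set[str]]]:
    """Return findings keyed by set name ("extra"/"missing"); an empty dict means a clean match."""
    findings: Dict[str, Dict[str, Set[str]]] = {}
    for name in SET_NAMES:
        extra = state.sets[name] - expected[name]
        lacking = expected[name] - state.sets[name]
        if extra or lacking:
            findings[name] = {"extra": extra, "missing": lacking}
    # Solaris keeps E and I inside P and P inside L; anything outside is a malformed dump.
    e, i, p, l = (state.sets[n] for n in SET_NAMES)
    outside = (e - p) | (i - p) | (p - l)
    if outside:
        findings["invariant"] = {"extra": outside, "missing": set()}
    if "PRIV_AWARE" not in state.flags:
        findings["flags"] = {"extra": set(), "missing": {"PRIV_AWARE"}}
    return findings


if __name__ == "__main__":
    for label, dump in (("worker", SAMPLE_WORKER), ("worker-leak", SAMPLE_WORKER_LEAK)):
        print(label, check_privs(parse_ppriv(dump), EXPECTED_WORKER) or "OK")
```

On a live system the same check runs over `ppriv -v <pid>` for the master and each worker, with EXPECTED_MASTER or EXPECTED_WORKER chosen by process role; any non-empty result is a privilege the jail code failed to drop.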