feat(decl/proc-chain): add user and capabilities support

[ekoops]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind documentation

/kind tests

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area commands

/area pkg

/area events

What this PR does / why we need it:
This PR adds the capability to specify the user and the linux capabilities a process in the process chain can be run with.

Capabilities can only be specified for the leaf process. Omitting capabilities is equivalent to specify all=iep.

Each process in the chain runs with real user/group ID equals to 0 (root). Specifying a user sets the effective and the saved set-user/group-ID to the corresponding user/group IDs. If a user specified in the chain doesn't exist, it is created before running the test and deleted after test execution.

The securebit SECBBIT_NOROOT is enabled on the calling thread before creating any child process: this is done in order to prevent the kernel from ignoring the specified capabilities when the real user ID is zero (see 'Capabilities and execution of programs by root' in capabilities(7)).

Users who wish to run the before and after script or creating a 'process' test resource must take into account to provide at least CAP_SETPCAP in its permitted and effective set.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ekoops
Once this PR has been reviewed and has the lgtm label, please assign fededp for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment