[$] New AT_ flags for restricting pathname lookup
System calls like openat() have access to the entire filesystem, or at least that part of the filesystem that exists in the current mount namespace and which the caller has the permission to access. There are times, though, when it is desirable to reduce that access, usually for reasons of security; that has proved to be especially true in many container use cases. A new patch set from Aleksa Sarai has revived an old idea: provide a set of AT_ flags that can be used to control the scope of a given pathname lookup operation.