tame(2) WIP

Theo de Raadt (deraadt@) has pulled back the curtainon his entry into the process sandboxing contest:

I have been working for a while on a subsystem to restrict programsinto a "reduced feature operating model".Other people have made such systems in the past, but I have never beenhappy with them. I don't think I am alone.