[$] Hiding a process's executable from itself
Back in 2019, a high-profile container vulnerability led to the adoption of some complex workarounds and a frenzy of patching. The immediate problem was fixed, but the incident was severe enough that security-conscious developers have continued to look for ways to prevent similar vulnerabilities in the future. This patch set from Giuseppe Scrivano takes a rather simpler approach to the problem.