[$] Unprivileged BPF and authoritative security hooks

When the developers of the Linux security module (LSM) subsystem findthemselves disagreeing with other kernel developers, it tends to be becausethose other developers don't think to - or don't want to - add securityhooks to their shiny new subsystems. Sometimes, though, the addition ofnew hooks by non-LSM developers can also create some friction. AndriiNakryiko's posting of a pair ofBPF-related security hooks raised a couple of interesting questions,one of which spurred a fair amount of discussion, and one that did not.