[$] Finer-grained BPF tokens

Programs running in the BPF machine can, depending on how they areattached, perform a number of privileged operations; the ability to loadand run those programs, thus, must be a privileged operation in its ownright. Almost since the beginning of the extended-BPF era, developers havestruggled to find a way to allow users to run the programs they needwithout giving away more privilege than is necessary. Earlier this year,the idea of a BPF token ran into someopposition from security-oriented developers. Andrii Nakryiko has sincereturned with anupdated patch set that significantly increases the granularity of theprivileges that can be conferred with a BPF token.