Not possible to drop privs in per-process privileges mode

[mjstapp]

After discussion around issue #16747 , we considered making some limited changes to help with that problem in PR #17313. But it was pointed out that:

Might be worth to point out that this does not fix the core issue, but only works around it. The core issue is that frr_with_privs(NULL) does nothing meaningful, especially does not ensure that code is run without privileges in the per-process privileges case.

We should see what we can do to make that possible - to drop privs when we're in in per-process mode.

[KanjiMonster]

Obviously it can't just drop the privileges, but rather would need to wait until privileges are dropped, then guard against other threads raising privileges until it is finished.

One approach I could think of is a rwlock, with read-lock => privileged (so anything running privileged can run in parallel), and write-lock unprivileged (with the idea code needing to be run as unprivileged is seldom enough that we do not need to optimize it for parallel execution).

I guess just making libcap mandatory is a no-go, since there is no libcap for *BSD.