HalosGhost / halosgho.st

The repo backing my homepage
GNU General Public License v3.0

Leverage Lwan's ability to drop privileges #15

Closed HalosGhost closed 5 years ago

HalosGhost commented 6 years ago

Looks like lwan has had the ability, for a while now, to drop privileges to a user (and even jail itself with a chroot) to minimize negative effects of a compromised server.

Anything we can do to increase security is a GoodThing™, so we should do this ASAP.

Getting both the redirector and main in a shared straitjacket mitigates possible compromise of the external system through either one; but eventually, separating both into their own straitjackets will mitigate compromise of either one from interfering with the other (more accurately, compromise of the redirector interfering with main).

HalosGhost commented 5 years ago

I am scrubbing plans for separating the two. It's true they could be isolated but main is the more likely one to be targeted anyway (plus, it's the more likely to be broken into as it does more). Then taking control of the redirector would be a secondary issue.

Having them be jailed into their shared directory is still a huge security win.
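An added example, not part of the thread above and not lwan's or this repository's code: the order of operations behind a chroot-plus-unprivileged-user jail of the kind discussed in this issue. The function name `enter_straitjacket` and its two arguments are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE         /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not lwan's API): jail the process in jail_dir, then
 * permanently become `user`. Returns 0 on success, -1 on failure; on failure
 * the caller must exit rather than keep serving. */
int enter_straitjacket(const char *user, const char *jail_dir)
{
    /* Resolve the account first: /etc/passwd is not visible after chroot. */
    struct passwd *pw = getpwnam(user);
    if (!pw || pw->pw_uid == 0)
        return -1;              /* unknown user, or "dropping" to root */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* chroot needs root, so it happens before the uid changes;
     * chdir("/") keeps the working directory inside the jail. */
    if (chroot(jail_dir) != 0 || chdir("/") != 0)
        return -1;

    /* Supplementary groups, then gid, then uid: once the uid is gone the
     * process can no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the drop is irreversible. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s USER JAIL_DIR\n", argv[0]);
        return 2;
    }
    /* Open any listening sockets that need root before this call. */
    if (enter_straitjacket(argv[1], argv[2]) != 0) {
        fprintf(stderr, "could not enter straitjacket, refusing to run\n");
        return 1;
    }
    printf("jailed: uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Two processes that call this with the same user and directory share one jail, which is the arrangement the last comment settles on.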