deislabs / mystikos

Tools and runtime for launching unmodified container images in Trusted Execution Environments

Implement identity syscalls and authentication #183

Open paulcallen opened 3 years ago

paulcallen commented 3 years ago

Types of IDs: real, effective, saved, fs, associated groups as well as supplemental groups

- Config to set starting IDs
- permission checks
- ID mapping between enclave and host for SGX

There are also capabilities that govern what can and cannot be done too that are specific to these syscalls.

Implement following APIs to track IDs on thread

| API | done |
| --- | --- |
| get/set uid/gid | x |
| get euid/egid | x |
| set reuid/regid | x |
| get/set resuid/resgid | x |
| set fsuid/fsgid | x |
| get/set groups | x |

Propagation of IDs for filesystem operations

| | description | ramfs | ext2 | hostfs |
| --- | --- | --- | --- | --- |
| file creation | IDs for creating files | x | x | x |
| access check | file creation | x | | |
| access check | stat | x | | |
| access check | utimensat | x | | |
| everything else | | | | |

Propagation of IDs for socket operations

| | description | done |
| --- | --- | --- |
| everything else | | |

Access checks within kernel

| | description | done |
| --- | --- | --- |
| everything else | | |

Need many more propagations for file access permissions across all filesystems. Need propagations and access checks for sockets.
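A user-space model of the per-thread credential set and of the permission rules Linux documents for setuid(2), setresuid(2) and setfsuid(2), i.e. the checks the get/set APIs in the table above need once IDs are tracked per thread. This is an added example, not Mystikos code: creds_t, creds_init, model_setresuid, model_setuid and model_setfsuid are hypothetical names, and the model deliberately ignores the capability fixups that capabilities(7) applies when euid changes between 0 and nonzero. It also shows two points the table does not state: dropping only the effective id leaves root reachable through the saved id, and setfsuid never reports failure.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical per-thread credential set; Mystikos's own structures differ. */
typedef struct {
    uid_t ruid;      /* real: the user who started the process */
    uid_t euid;      /* effective: used by most permission checks */
    uid_t suid;      /* saved: lets a process drop and later regain privilege */
    uid_t fsuid;     /* filesystem: used by file access checks, follows euid */
    bool cap_setuid; /* CAP_SETUID; the euid 0<->nonzero capability fixups of
                        capabilities(7) are deliberately not modelled */
} creds_t;

#define NO_CHANGE ((uid_t)-1) /* "leave unchanged", as in the real syscalls */

creds_t creds_init(uid_t r, uid_t e, uid_t s, bool cap_setuid)
{
    creds_t c = { .ruid = r, .euid = e, .suid = s, .fsuid = e,
                  .cap_setuid = cap_setuid };
    return c;
}

/* An unprivileged caller may only choose ids already in its credential set. */
static bool uid_allowed(const creds_t *c, uid_t v)
{
    return v == NO_CHANGE || v == c->ruid || v == c->euid || v == c->suid;
}

/* setresuid(2): returns 0 or a negative errno, as a kernel handler would. */
int model_setresuid(creds_t *c, uid_t r, uid_t e, uid_t s)
{
    if (!c->cap_setuid &&
        !(uid_allowed(c, r) && uid_allowed(c, e) && uid_allowed(c, s)))
        return -EPERM;
    if (r != NO_CHANGE) c->ruid = r;
    if (e != NO_CHANGE) c->euid = e;
    if (s != NO_CHANGE) c->suid = s;
    c->fsuid = c->euid; /* the kernel re-derives fsuid from euid on success */
    return 0;
}

/* setuid(2): a privileged caller sets all three ids; an unprivileged one
 * sets only the effective id, and only to its real or saved id. */
int model_setuid(creds_t *c, uid_t u)
{
    if (c->cap_setuid)
        c->ruid = c->euid = c->suid = u;
    else if (u == c->ruid || u == c->suid)
        c->euid = u;
    else
        return -EPERM;
    c->fsuid = c->euid;
    return 0;
}

/* setfsuid(2): never reports failure. It returns the previous fsuid whether
 * or not the change was applied, so a caller learns the outcome only by
 * calling it a second time (or by reading the ids back). */
uid_t model_setfsuid(creds_t *c, uid_t f)
{
    uid_t old = c->fsuid;
    if (c->cap_setuid || f == c->ruid || f == c->euid || f == c->suid ||
        f == c->fsuid)
        c->fsuid = f;
    return old;
}

int main(void)
{
    /* Constructed scenario: a set-uid-root helper started by uid 1000 that
     * has already dropped to euid 1000 but still holds root in suid. */
    creds_t c = creds_init(1000, 1000, 0, false);
    uid_t old;

    printf("regain root via saved id: %d\n",
           model_setresuid(&c, NO_CHANGE, 0, NO_CHANGE));    /* 0 */
    printf("permanent drop of all three ids: %d\n",
           model_setresuid(&c, 1000, 1000, 1000));           /* 0 */
    printf("regain root after the drop: %d\n",
           model_setresuid(&c, NO_CHANGE, 0, NO_CHANGE));    /* -EPERM */
    old = model_setfsuid(&c, 2000);
    printf("setfsuid(2000) returned %u, fsuid is now %u\n",
           (unsigned)old, (unsigned)c.fsuid);                /* 1000, 1000 */
    return 0;
}
```

The drop-and-regain sequence in main is the case an LTP-style test for these syscalls exercises: a process that wants to give up privilege for good must overwrite the saved id too, and a check that only covers the effective id would let it come back.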

paulcallen commented 3 years ago

#261 implements get and set APIs with propagation through to lower layers to enable LTP tests for these APIs.

paulcallen commented 3 years ago

An initial check-in is complete with the set/get ID syscalls, and the enabling of most of the tests relevant to those APIs. A few require fork, which we don't have yet. Future work is to plumb IDs through to the lower layers of filesystems to do access checks, same for sockets, and implement access checks within other syscalls that are required.

jxyang commented 3 years ago

Please update the status. @paulcallen

paulcallen commented 3 years ago

no (or very few) changes since initial check-in