Privilege reduction for WAN dnsmasq

[neocturne]

OpenWrt reduces the risk of compromising the system through dnsmasq vulnerabilities in two ways:

• dnsmasq is run in a ujail
• dnsmasq runs as user dnsmasq instead of root

We should look into making the same improvements for the WAN dnsmasq instance.

[T-X]

Especially as the dnsmasq code quality is quite... bad in my opinion... And we still have an open segfault in it. So sounds like a very good idea.