pelican-dev / wings

MIT License

Dropping "sys_ptrace" capability. #17

Open nu11daemon opened 1 month ago

nu11daemon commented 1 month ago

proot is a program known for its usage in creating unprivileged chroots. This program essentially gives the user the capability to create a chroot into another system without any permissions, effectively turning the container into a "server" - which is not an intended use for a container.

However, this program relies on an unprivileged system call in Linux systems known as ptrace, and by disabling it, scripts such as PteroVM or any of its derivatives will be rendered useless.

Before merging, please conduct some tests as this might cause a potential break in some eggs (maybe?)

iamkubi commented 1 month ago

Thanks. I think this change makes sense but will need to test it out. I bet there is some egg like a VSCode server or something that uses this legitimately. I can add a config option to add the capability back if that's the case, but I'll need to do some testing.

parkervcp commented 1 month ago

I can't see any reason to keep it, unless some service needs it to track a process. The only thing I can think of is possibly the Don't Starve Together egg.
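
A check that could be used while testing this change, as an added example that is not part of the PR or of the Wings code base: it parses the `Cap*` masks from `/proc/<pid>/status` text and reports which capability sets still contain `CAP_SYS_PTRACE` (bit 19). The function name and both status samples are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// capSysPtrace is the bit index of CAP_SYS_PTRACE in Linux capability masks.
const capSysPtrace = 19

// Constructed samples in /proc/<pid>/status format (not captured from a real server).
const sampleWithPtrace = "Name:\tsh\nCapPrm:\t00000000a80c25fb\nCapEff:\t00000000a80c25fb\nCapBnd:\t00000000a80c25fb\n"
const sampleDropped = "Name:\tsh\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"

// ptraceSets (hypothetical helper) returns the names of the capability sets
// (CapInh, CapPrm, CapEff, CapBnd, CapAmb) whose mask includes CAP_SYS_PTRACE.
// It returns an error when no Cap* line is present, so a truncated or
// unexpected input is never reported as "capability dropped".
func ptraceSets(status string) ([]string, error) {
	var found []string
	seen := false
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		key, val, ok := strings.Cut(sc.Text(), ":")
		if !ok || !strings.HasPrefix(key, "Cap") {
			continue
		}
		mask, err := strconv.ParseUint(strings.TrimSpace(val), 16, 64)
		if err != nil {
			return nil, fmt.Errorf("bad %s mask: %w", key, err)
		}
		seen = true
		if mask&(1<<capSysPtrace) != 0 {
			found = append(found, key)
		}
	}
	if !seen {
		return nil, errors.New("no Cap* lines found")
	}
	return found, sc.Err()
}

func main() {
	for _, s := range []string{sampleWithPtrace, sampleDropped} {
		sets, err := ptraceSets(s)
		fmt.Println(sets, err)
	}
}
```

To test a real server, feed the function the contents of `/proc/self/status` read from inside the container before and after the change.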