standard-ai / sendfd

Send file descriptors over unix sockets in Rust
Apache License 2.0

Consider using MSG_CMSG_CLOEXEC flag #16

Open FuuuOverclocking opened 1 month ago

FuuuOverclocking commented 1 month ago
> MSG_CMSG_CLOEXEC (recvmsg() only; since Linux 2.6.23)
>
> Set the close-on-exec flag for the file descriptor received via a UNIX domain file descriptor using the SCM_RIGHTS operation (described in [unix(7)](https://man7.org/linux/man-pages/man7/unix.7.html)). This flag is useful for the same reasons as the O_CLOEXEC flag of [open(2)](https://man7.org/linux/man-pages/man2/open.2.html).

Consider using the MSG_CMSG_CLOEXEC flag; close-on-exec should be the default behavior.

Links:

FuuuOverclocking commented 1 month ago

17

cbranch commented 3 weeks ago

Rust-created files and sockets have O_CLOEXEC set, e.g. https://github.com/rust-lang/rust/blob/4d215e2426d52ca8d1af166d5f6b5e172afbff67/library/std/src/sys/pal/unix/fs.rs#L1177 and https://github.com/rust-lang/rust/blob/4d215e2426d52ca8d1af166d5f6b5e172afbff67/library/std/src/sys/pal/unix/net.rs#L85

While it may not be possible to set this on non-Linux systems as part of the recvmsg call, this crate should either set it immediately on reception of the file descriptors, or else document that the returned file descriptors do not have this flag set.

nagisa commented 3 weeks ago

I'm happy to take a PR that implements it in a portable way (even if the implementation ends up slightly racy.)

MSG_CMSG_CLOEXEC is supported on Linux, FreeBSD and various other BSDs but notably not on Darwin. So a fallback will be necessary.