Add capabilities, priority, and oom-score-adjustment support on Linux

Open q66 opened this issue 4 months ago • 8 comments

This is not properly tested yet and does not come with documentation. I mostly want to get an opinion on it for now.

This adds 3 things; when dinit is compiled without support, all of them will raise errors:

  1. The capabilities service field. This is an IAB string; it's parsed with cap_iab_from_string so it can take any value that can parse, e.g. ^cap_sys_time,^cap_net_admin for ambient caps. It supports the += operator, which will append to it, delimiting with a comma.
  2. The secure-bits service field, which implements securebits flags as a companion to the above.
  3. The new option no-new-privs which will use prctl to prevent gaining new privileges across execve (e.g. suid).

For now I want to get an opinion on the overall implementation. One thing I am not sure about for example is the IAB string parsing; I currently do it in load-service.cc because it must be done after all the concats have been completed. I find it to be a bit out of place there, however, so maybe there is a better way. Or if you have any other clues about anything, etc...

Fixes https://github.com/davmac314/dinit/issues/398

q66, Oct 19 '24 14:10
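Added example, not part of the pull request or dinit's code: what the `prctl` call behind an option like `no-new-privs` does in the child that a service manager forks before `execve`. The helper names (`child_checks`, `no_new_privs_report`) and the `NNP_*` flags are hypothetical. It checks that the attribute reads back as set, that it cannot be cleared again, and that a process forked afterwards inherits it.

```c
/* Added illustration (not dinit source): no_new_privs via prctl(2) on Linux. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NNP_SET       0x1  /* attribute reads back as 1 after being set */
#define NNP_STICKY    0x2  /* attempt to clear it is rejected with EINVAL */
#define NNP_INHERITED 0x4  /* a process forked afterwards also has it */

/* Hypothetical helper: runs in the forked child, at the point where the
 * service binary would normally be exec'd right after the prctl() call. */
static int child_checks(void)
{
    int result = 0, st;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return 0;
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1)
        result |= NNP_SET;
    /* The kernel only accepts arg2 == 1, so the attribute cannot be dropped. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL)
        result |= NNP_STICKY;
    /* Descendants inherit the attribute across fork(). */
    pid_t gc = fork();
    if (gc == 0)
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : 1);
    if (gc > 0 && waitpid(gc, &st, 0) == gc
        && WIFEXITED(st) && WEXITSTATUS(st) == 0)
        result |= NNP_INHERITED;
    return result;
}

/* Fork first so the caller's own no_new_privs state is left untouched. */
int no_new_privs_report(void)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child_checks());
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int r = no_new_privs_report();
    printf("set=%d sticky=%d inherited=%d\n",
           !!(r & NNP_SET), !!(r & NNP_STICKY), !!(r & NNP_INHERITED));
    return r == (NNP_SET | NNP_STICKY | NNP_INHERITED) ? 0 : 1;
}
```

The same state is visible from outside the process as the `NoNewPrivs` line in `/proc/<pid>/status`, which is a quick way to confirm that a running service actually received the setting.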