switch: please provide a graceful destructor for SwitchUserGuard

[lucab]

Currently, the only way to revert the effects of a switch_user_group is to drop the returned SwitchUserGuard. However, Drop is not allowed to fail, so any internal failure directly translates to a panic:

impl Drop for SwitchUserGuard {
    fn drop(&mut self) {
        // Panic on error here, as failing to set values back
        // is a possible security breach.
        set_effective_uid(self.uid).unwrap();
        set_effective_gid(self.gid).unwrap();
    }
}

As a consumer of this crate, I'd like to have a way to switch back to the original state (consuming the guard at the same time) and get back a Result to handle the error case as usual.

I guess the signature would be something like:

pub fn reset (self /* : SwitchUserGuard */) -> IOResult<()>