
add GetSeUserByName, fallback to failsafe context in GetDefaultContextWithLevel

Open capnspacehook opened this issue 7 months ago • 7 comments

Ported getseuserbyname (https://github.com/SELinuxProject/selinux/blob/main/libselinux/src/seusers.c#L188) to Go, and added failsafe_context parsing to GetDefaultContextWithLevel as that's what libselinux's get_default_context_with_level does (https://github.com/SELinuxProject/selinux/blob/main/libselinux/src/get_context_list.c#L488).

getseuserbyname reads the seusers file (https://www.man7.org/linux/man-pages/man5/seusers.5.html) to find the SELinux user and the MLS level for a given Linux user.

get_default_context_with_level takes an SELinux user, MLS level, and an SELinux context (combination of SELinux user, role, domain, and MLS level; in many cases this context is the context of the caller) and returns the SELinux context that should be used when creating processes as a certain Linux user.

get_default_context_with_level attempts to find a suitable context for the specific SELinux user that was passed first, then searches in the list of global context mappings if no match was found, and finally just returns the failsafe context if no match was found anywhere else. GetDefaultContextWithLevel previously returned an error if no context could be found for the SELinux user or globally.

Man page for failsafe_context: https://www.man7.org/linux//man-pages/man5/failsafe_context.5.html

capnspacehook avatar May 20 '25 01:05 capnspacehook
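
Added example (not code from this PR or from libselinux): a small Go lookup over a constructed seusers file, showing the exact-name, then `%group`, then `__default__` precedence and why each line is split on the first two colons only. `lookupSeUser`, the sample entries, and passing group membership in as a map are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in seusers(5) format: name:seuser[:mls_range]
const sampleSeusers = `# constructed sample, not from a real system
root:unconfined_u:s0-s0:c0.c1023
%wheel:staff_u:s0-s0:c0.c1023
alice:user_u
__default__:user_u:s0
`

// lookupSeUser is a hypothetical helper, not the PR's GetSeUserByName.
// Precedence: exact name, then first matching %group, then __default__.
func lookupSeUser(seusers, user string, groups map[string]bool) (string, string, error) {
	var grp, def []string
	sc := bufio.NewScanner(strings.NewReader(seusers))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		// Split on the first two colons only (an MLS range contains ':'); pad the level.
		f := append(strings.SplitN(line, ":", 3), "")
		if len(f) < 3 || f[0] == "" || f[1] == "" {
			continue // malformed entry: skip rather than guess
		}
		switch {
		case f[0] == user:
			return f[1], f[2], nil
		case grp == nil && f[0][0] == '%' && groups[f[0][1:]]:
			grp = f
		case def == nil && f[0] == "__default__":
			def = f
		}
	}
	for _, m := range [][]string{grp, def} {
		if m != nil {
			return m[1], m[2], nil
		}
	}
	return "", "", fmt.Errorf("no seusers entry or __default__ for %q", user)
}

func main() {
	fmt.Println(lookupSeUser(sampleSeusers, "bob", map[string]bool{"wheel": true}))
}
```

An entry without a level (`alice:user_u`) returns an empty level, and a file with no matching entry and no `__default__` returns an error rather than a guessed SELinux user.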

Missed this, could you sign your commit?

rhatdan avatar Sep 04 '25 12:09 rhatdan

LGTM @kolyshkin @thaJeztah PTAL

rhatdan avatar Sep 04 '25 12:09 rhatdan

@rhatdan no prob, signed commit

capnspacehook avatar Oct 07 '25 20:10 capnspacehook

@capnspacehook can you split this into two commits, by functionality? Same PR is fine.

kolyshkin avatar Oct 07 '25 23:10 kolyshkin

@kolyshkin split into two commits

capnspacehook avatar Oct 08 '25 16:10 capnspacehook

@kolyshkin good idea, files are opened lazily now

capnspacehook avatar Oct 10 '25 15:10 capnspacehook

@kolyshkin signed off all commits and fixed a few linter warnings, anything else I need to do to move forward with this?

capnspacehook avatar Nov 20 '25 19:11 capnspacehook