ouch
DRAFT: Add landlock support
This PR adds landlock filesystem isolation to ouch as discussed in #722
At the moment this is just a quickly hacked implementation to demonstrate the use of landlock in ouch. It restricts the entire filesystem to be read only and only permits write actions in the current working directory of the process.
In order to test the isolation feature, use the -d option to write the decompressed files to a path outside of $PWD.
A final implementation would address the -d option as well to allow writing to specified output directories, but I left it untouched for now to allow an easy demonstration/test of the landlock feature.
Todo:
- restrict write permissions to the .tmp-XXXXXX directory, including permissions for said directory to rename itself to the final name LANDLOCK_ACCESS_FS_MAKE_DIR (This should avoid writing to any control files in $HOME like .bashrc)
- Identify all special cases that require permissions (see failed unit tests)
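The policy the PR describes (whole filesystem read-only, writes permitted only below one directory) as an added example, written against the raw Landlock syscalls in C rather than taken from ouch or from the Rust crate this PR would use. Function names (`restrict_writes_to`, `probe_write`, `landlock_abi_version`) are hypothetical; the writable directory is passed as a path, with "." standing in for $PWD. The write mask includes `LANDLOCK_ACCESS_FS_MAKE_DIR`, which is what renaming the `.tmp-XXXXXX` directory to its final name within the same parent needs; moving entries between directories additionally needs `LANDLOCK_ACCESS_FS_REFER` (ABI 2), and `LANDLOCK_ACCESS_FS_TRUNCATE` (ABI 3) is only enforced when the running kernel reports that ABI, so on older kernels truncation is not restricted.

```c
/* Added example (not ouch's code): read-only filesystem, writes only below one directory. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__has_include)
#  if __has_include(<linux/landlock.h>)
#    include <linux/landlock.h>
#  endif
#endif

/* Fallback UAPI definitions (Linux >= 5.13) for toolchains without <linux/landlock.h>. */
#ifndef LANDLOCK_CREATE_RULESET_VERSION
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#define LANDLOCK_RULE_PATH_BENEATH 1
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_ACCESS_FS_EXECUTE     (1ULL << 0)
#define LANDLOCK_ACCESS_FS_WRITE_FILE  (1ULL << 1)
#define LANDLOCK_ACCESS_FS_READ_FILE   (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR    (1ULL << 3)
#define LANDLOCK_ACCESS_FS_REMOVE_DIR  (1ULL << 4)
#define LANDLOCK_ACCESS_FS_REMOVE_FILE (1ULL << 5)
#define LANDLOCK_ACCESS_FS_MAKE_CHAR   (1ULL << 6)
#define LANDLOCK_ACCESS_FS_MAKE_DIR    (1ULL << 7)
#define LANDLOCK_ACCESS_FS_MAKE_REG    (1ULL << 8)
#define LANDLOCK_ACCESS_FS_MAKE_SOCK   (1ULL << 9)
#define LANDLOCK_ACCESS_FS_MAKE_FIFO   (1ULL << 10)
#define LANDLOCK_ACCESS_FS_MAKE_BLOCK  (1ULL << 11)
#define LANDLOCK_ACCESS_FS_MAKE_SYM    (1ULL << 12)
#endif
#ifndef LANDLOCK_ACCESS_FS_REFER
#define LANDLOCK_ACCESS_FS_REFER    (1ULL << 13) /* ABI 2 */
#endif
#ifndef LANDLOCK_ACCESS_FS_TRUNCATE
#define LANDLOCK_ACCESS_FS_TRUNCATE (1ULL << 14) /* ABI 3 */
#endif
/* The three Landlock syscalls have the same numbers on every architecture. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif

#define FS_READ  (LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR)
#define FS_WRITE (LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_REMOVE_FILE | \
                  LANDLOCK_ACCESS_FS_MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_DIR | LANDLOCK_ACCESS_FS_MAKE_REG | \
                  LANDLOCK_ACCESS_FS_MAKE_SOCK | LANDLOCK_ACCESS_FS_MAKE_FIFO | LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
                  LANDLOCK_ACCESS_FS_MAKE_SYM)

/* Landlock ABI version reported by the kernel, or -1 if Landlock is unavailable (ENOSYS/EOPNOTSUPP). */
int landlock_abi_version(void)
{
    long v = syscall(__NR_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
    return v < 0 ? -1 : (int)v;
}

/* Grant `allowed` on everything beneath `path`; allowed must be a subset of the handled set. */
static int add_path_rule(int ruleset_fd, const char *path, uint64_t allowed)
{
    struct landlock_path_beneath_attr pb = { .allowed_access = allowed };
    pb.parent_fd = open(path, O_PATH | O_CLOEXEC);
    if (pb.parent_fd < 0) return -1;
    int rc = (int)syscall(__NR_landlock_add_rule, ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &pb, 0);
    int e = errno; close(pb.parent_fd); errno = e;
    return rc;
}

/* 0: restriction applied; 1: Landlock unavailable, process left unrestricted; -1: error (errno set). */
int restrict_writes_to(const char *writable_dir)
{
    int abi = landlock_abi_version();
    if (abi < 0) return 1;
    /* Only handle access types the running kernel knows, or ruleset creation fails with EINVAL. */
    uint64_t write = FS_WRITE;
    if (abi >= 2) write |= LANDLOCK_ACCESS_FS_REFER;
    if (abi >= 3) write |= LANDLOCK_ACCESS_FS_TRUNCATE;
    struct landlock_ruleset_attr rs = { .handled_access_fs = FS_READ | write };
    int ruleset_fd = (int)syscall(__NR_landlock_create_ruleset, &rs, sizeof rs, 0);
    if (ruleset_fd < 0) return -1;
    if (add_path_rule(ruleset_fd, "/", FS_READ) < 0) goto fail;               /* everything: read-only */
    if (add_path_rule(ruleset_fd, writable_dir, FS_READ | write) < 0) goto fail; /* output dir: read+write */
    /* restrict_self refuses to run unless the process can no longer gain privileges. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) goto fail;
    if (syscall(__NR_landlock_restrict_self, ruleset_fd, 0) < 0) goto fail;
    close(ruleset_fd);
    return 0;
fail:
    { int e = errno; close(ruleset_fd); errno = e; }
    return -1;
}

/* Create and remove a probe file in `dir`; 0 if that worked, -1 otherwise (errno says why). */
int probe_write(const char *dir)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/.landlock-probe-%ld", dir, (long)getpid());
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    int st = restrict_writes_to(".");
    if (st < 0) { perror("landlock"); return 1; }
    printf("landlock: %s\n", st == 0 ? "applied" : "unavailable, running unrestricted");
    printf("write in cwd: %s\n", probe_write(".") == 0 ? "ok" : strerror(errno));
    printf("write in /:   %s\n", probe_write("/") == 0 ? "ok" : strerror(errno));
    return 0;
}
```

Supporting the -d option on top of this is one more `add_path_rule` call for the requested output directory before `restrict_self`; rules are additive, so the rest of the tree stays read-only. Once the ruleset is enforced it cannot be loosened for this process or its children, so all paths that will be written must be known before the call, which is why a final version would need the `.tmp-XXXXXX` location decided up front.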