Add 'tun.su' option to allow changing users after configuring the tunnel

[numinit]

Other VPNs (e.g. Tinc) let you drop privileges from root after the tunnel is created.

Add a tun.su option specifying which user to drop privileges to. That way, Nebula can be started as root and run as a lesser privileged user.

Tested on Linux. Still have to test FreeBSD and Darwin. The tun.su option gets ignored on other platforms.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[gearnode]

Any update on this contribution? (cc @nbrownus @numinit)

[numinit]

I feel like the need to sign a CLA to merge deters me from contributing to this project, and "Like many open source projects" is a red herring.

That being said, I am fully willing to license this patch under the MIT license, which Nebula is licensed under anyway.

[numinit]

To be very clear - I made this PR because I'm running this patch on several systems, and have a writeup about it, and it's really useful for me, and I thought it would be worth it to share.

I just feel like the CLA has a chilling effect on people's ability to contribute to Nebula, which is a shame for contributions that are genuinely useful to people. That being said, I hope people get use out of it in their own patches to Nebula, since it's open source and MIT licensed anyway. 😃