Apply a seccomp-BPF syscall allowlist by default

Derived from Podman's default profile, stripped of capability-conditional
rules (we never grant capabilities), argument filters, and the explicit
EPERM block. Dangerous syscalls (mount, unshare, ptrace, bpf,
perf_event_open, io_uring_*, keyctl, kexec_*, ...) fall through to the
default ENOSYS action, which also keeps glibc's clone3 -> clone fallback
working. x86_64 and aarch64 are supported; other archs error out.

Toggle with --seccomp / --no-seccomp or seccomp = <bool> in config.

Cargo.lock

@@ -8,8 +8,11 @@ version = "0.1.0"
 dependencies = [
  "clap",
  "glob",
+ "libc",
+ "seccompiler",
  "serde",
  "shlex",
+ "syscalls",
  "tempfile",
  "toml",
 ]
@@ -315,6 +318,15 @@ dependencies = [
  "windows-sys",
 ]
 
+[[package]]
+name = "seccompiler"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4ae55de56877481d112a559bbc12667635fdaf5e005712fd4e2b2fa50ffc884"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "semver"
 version = "1.0.27"
@@ -396,6 +408,12 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "syscalls"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81c645a4de0d803ced6ef0388a2646aa1ef8467173b5d59a2c33c88de4ab76e7"
+
 [[package]]
 name = "tempfile"
 version = "3.27.0"