The goal is to make it harder for someone to have a fake policy checker.
This will not stop a determined adversary since the secret is present
in the address space of the running process.
Fixes building on Solaris and probably others. It is possible to
expose msg_control on Solaris but this requires a specific set of
feature flag defines which can cause other complications.
It now takes an intercept fd as an optional argument instead of a
list of extra variables to add. This lets us check whether it is
already set to the expected value (and add it if not).
sudo_intercept.so now uses sudo_preload_dso() to make sure that
LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing.
