Changelog:
- refactor: remove `follow_symlinks` from `FileCaps` methods
It was useless since file capabilities can't be attached to symlinks.
- refactor: make `Cap.from_name()` checks stricter
Mostly just sanity checks; shouldn't break existing code.
- feat: add interface to filesystem UIDs/GIDs
These aren't manipulated by `prctl()`, and they aren't directly related to Linux capabilities, but the `setfsuid()`/`setfsgid()` syscalls are so to use that it's helpful to have an interface for them *somewhere*.
- fix: make `cap_set_ids()` work around glibc's `setgroups()` synchronization
musl currently doesn't synchronize `setgroups()`, so I didn't realize that glibc did.
- feat: add `replace()` method to the capability set objects to replace the entire set
- fix: make `capbset`/`cap_ambient`'s `drop()` methods avoid trying to drop capabilities that aren't actually raised
This 1) makes behavior more consistent with `cap_{permitted,effective,inheritable}`, 2) avoids issues regarding capabilities the kernel support, and 3) avoids needing CAP_SETPCAP to perform no-op on `capbset`.
- fix: add `py.typed` file to make mypy look for type annotations
- docs: add more documentation; fix/improve existing documentation
- docs: use latest Sphinx version on ReadTheDocs
Fixes some issues with how the docs were generated.
- test: add more tests