procd: jail: clean up capability handling and non-root ubusd

procd: jail: clean up capability handling and non-root ubusd

Unify capability handling to only use OCI spec parsers even for ujail
slim containers which previously supposedly used their own format.

 80c9516 cgroups: restrict allowed keys in 'unified' section
 5ade567 cgroups: memory controller fixes
 3121467 early: run ubusd non-root as user ubus, group ubus
 12a5b97 jail: adapt to new ubus socket path
 788d144 instance: actually wire up capabilities filename
 ebc5a7f jail: nuke old capabilities code in favour of reusing OCI code
 6c5233a jail: capabilities: apply in two phases

Signed-off-by: Daniel Golle <daniel@makrotopia.org>