Fix interface binding by retaining CAP_NET_RAW

Fix interface binding by retaining CAP_NET_RAW

This commit addresses an issue where mtr would fail with EPERM because setting the
SO_BINDTODEVICE socket option requires the CAP_NET_RAW capability.

Changes:

- Refactor the code to abstract setting privileged socket options. This
  includes a common interface for setting capabilities depending on the
  platform (with or without LIBCAP).

- Replace direct setsockopt calls with the new abstracted function for
  setting both SO_MARK and SO_BINDTODEVICE.

- Update capability management in `drop_excess_capabilities` to retain
  CAP_NET_RAW when needed.