Features:
+* use name_to_handle_at() with AT_HANDLE_FID instead of .st_ino (inode
+ number) for identifying inodes, for example in copy.c when finding hard
+ links, or loop-util.c for tracking backing files, and other places.
+
+* cryptenroll/cryptsetup/homed: add unlock mechanism that combines tpm2 and
+ fido2, as well as tpm2 + ssh-agent, inspired by ChromeOS' logic: encrypt the
+ volume key with the TPM, with a policy that insists that a nonce is signed by
+ the fido2 device's key or ssh-agent key. Thus, add unlock/login time the TPM
+ generates a nonce, which is sent as a challenge to the fido2/ssh-agent, which
+ returns a signature which is handed to the tpm, which then reveals the volume
+ key to the PC.
+
+* cryptenroll/cryptsetup/homed: similar to this, implement TOTP backed by TPM.
+
+* expose the handoff timestamp fully via the D-Bus properties that contain
+ ExecStatus information
+
+* properly serialize the ExecStatus data from all ExecCommand objects
+ associated with services, sockets, mounts and swaps. Currently, the data is
+ flushed out on reload, which is quite a limitation.
+
+* Clean up "reboot argument" handling, i.e. set it through some IPC service
+ instead of directly via /run/, so that it can be sensible set remotely.
+
* userdb: add concept for user "aliases", to cover for cases where you can log
in under the name lennart@somenetworkfsserver, and it would automatically
generate a local user, and from the one both names can be used to allow