unshare: Set uid and gid maps directly when run as root

unshare: Set uid and gid maps directly when run as root

The newuidmap and newgidmap setuid helpers provided by shadow don't allow
root to set up arbitrary mappings without explicit wildcard configuration
in /etc/subuid and /etc/subgid, and are an unnecessary dependency when
unshare is run privileged.

ID-mapped mount already knows how to create uid/gid maps directly for new
user namespaces, so teach unshare to do the same thing when run as root.
Continue to use the setuid helpers when we are not sufficiently privileged
to do the job ourselves.

Signed-off-by: Chris Webb <chris@arachsys.com>