Drop capabilities
Explicitly drop capabilities. This functionality is enabled if compiled
with -DLIBCAP=1 and linked with -lcap. It uses the libcap library.
It secures xtrlock more against exploits in case it's running with elevated
capabilities - which is safer than running it setuid/setgid.
Set it up by enabling the CAP_DAC_READ_SEARCH capability, which allows
reading the shadow password record for a regular user:
# setcap cap_dac_read_search+ep ./xtrlock
With this patch it drops the CAP_DAC_READ_SEARCH capability (and all others)
as soon as it is not required.
Of course it would be better to use PAM instead of shadow passwords, but it
would be a more complex change.
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
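
The ordering the commit message describes (use the capability for the shadow read, then drop everything), as an added example that is not the code of this commit or of xtrlock. It uses the raw capget/capset system calls instead of libcap so that it builds without -lcap, and assumes the shadow read is done with getspnam(); the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 if cap is in this thread's effective or permitted set, 0 if not, -1 on error. */
int holds_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &hdr, d) != 0)
        return -1;
    return ((d[cap / 32].effective | d[cap / 32].permitted) >> (cap % 32)) & 1;
}

/* Clear the effective, permitted and inheritable sets of the calling thread.
 * With an empty permitted set it cannot raise a capability again without a
 * new execve. */
int drop_all_caps(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct empty[2];
    memset(empty, 0, sizeof empty);
    if (syscall(SYS_capset, &hdr, empty) != 0)
        return -1;
    /* Fail closed: confirm the capability named in the commit is really gone. */
    return holds_cap(CAP_DAC_READ_SEARCH) == 0 ? 0 : -1;
}

int main(void)
{
    printf("before: CAP_DAC_READ_SEARCH held = %d\n", holds_cap(CAP_DAC_READ_SEARCH));
    /* Privileged step first (assumed here to be getspnam() for the current user). */
    struct passwd *pw = getpwuid(getuid());
    int got_shadow = pw && getspnam(pw->pw_name) != NULL;
    /* Then drop before processing any further input. */
    if (drop_all_caps() != 0) {
        fprintf(stderr, "could not drop capabilities, refusing to continue\n");
        return 1;
    }
    printf("shadow entry read = %d, after drop: held = %d\n",
           got_shadow, holds_cap(CAP_DAC_READ_SEARCH));
    return 0;
}
```

Raw capset changes only the calling thread, so a multithreaded program needs the drop to happen before any other thread is started.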