Proposal: Enabling unprivileged chroot by default

From: Ed Maste <emaste_at_freebsd.org>
Date: Tue, 05 Aug 2025 14:57:17 UTC
I would like to change the default value of the
security.bsd.unprivileged_chroot sysctl from 0 (disabled) to 1
(enabled). This will allow unprivileged users to invoke chroot(2)
under constrained and secure conditions. See the recent "Non-root
chroot" thread on freebsd-hackers@ for some more context.

**Background**
Support for unprivileged chroot(2) was introduced before FreeBSD 14.0
(and MFC'd for FreeBSD 13.1) via commit a40cf4175c90 ("Implement
unprivileged chroot"), but disabled by default. This commit added:

- a sysctl security.bsd.unprivileged_chroot that must be set to 1
- a check in chroot(2) that the NO_NEW_PRIVS procctl is set when
called in an unprivileged context
- a new chroot(8) flag -n to set the NO_NEW_PRIVS procctl

NO_NEW_PRIVS causes the kernel to ignore set-user-ID and set-group-ID
bits, preventing the well-known confused deputy issues affecting
chroot(2).

The original commit did not include a man page update. I've now added
a description of unprivileged use in commit 95f8c3e1ed0c, and a more
explicit error message from chroot(8) if -n is missing, in commit
e6c623e9bad5.

**Proposed Change**
A patch to change the default sysctl value to 1 is under review here:
https://reviews.freebsd.org/D51702. A regression test still needs to
be added before this would be committed.

**Request for Feedback**
If you have concerns, objections, or additional insight into the
security or operational impact of this change, please reply to this
thread or comment directly on the Phabricator review.

Timing on the commit is an open question; it could be done soon (so
that the change will be available in FreeBSD 15.0) or after stable/15
branches (making it available in FreeBSD 16.0).
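As an added illustration of the sequence the post describes (this is example code, not part of the e-mail, the review, or the FreeBSD source tree): an unprivileged program that enables NO_NEW_PRIVS on itself with procctl(2), checks the security.bsd.unprivileged_chroot sysctl, and only then calls chroot(2). The procctl constants, sysctl name and chroot(8) -n semantics are the real FreeBSD ones; the check_chroot_policy helper and its verdict names are this example's own way of modelling the two conditions the post lists, and nothing else the kernel may check. The FreeBSD-specific calls are compiled only on FreeBSD so the policy helper can be exercised elsewhere.

```c
/*
 * Example only (not from the post or FreeBSD): unprivileged chroot(2)
 * on FreeBSD 13.1+/14.x after setting PROC_NO_NEW_PRIVS on ourselves.
 * Build:  cc -o nnp_chroot nnp_chroot.c
 * Usage:  ./nnp_chroot /path/to/newroot /bin/sh
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/procctl.h>
#include <sys/sysctl.h>
#endif

/* Outcomes of the two checks the post names (example's own naming). */
enum chroot_verdict {
	CHROOT_OK = 0,
	CHROOT_SYSCTL_DISABLED,    /* security.bsd.unprivileged_chroot is 0 */
	CHROOT_NO_NEW_PRIVS_UNSET  /* caller never set PROC_NO_NEW_PRIVS */
};

/*
 * Portable policy helper (assumption: models only the checks the post
 * lists). Root keeps its usual access; an unprivileged caller needs the
 * sysctl enabled AND NO_NEW_PRIVS set before chroot(2) will succeed.
 */
enum chroot_verdict
check_chroot_policy(uid_t euid, int unprivileged_chroot_sysctl, int no_new_privs)
{
	if (euid == 0)
		return CHROOT_OK;
	if (!unprivileged_chroot_sysctl)
		return CHROOT_SYSCTL_DISABLED;
	if (!no_new_privs)
		return CHROOT_NO_NEW_PRIVS_UNSET;
	return CHROOT_OK;
}

const char *
chroot_verdict_str(enum chroot_verdict v)
{
	switch (v) {
	case CHROOT_OK:                return "ok";
	case CHROOT_SYSCTL_DISABLED:   return "security.bsd.unprivileged_chroot=0";
	case CHROOT_NO_NEW_PRIVS_UNSET: return "NO_NEW_PRIVS not set (chroot -n)";
	}
	return "unknown";
}

#ifdef __FreeBSD__
/* Read security.bsd.unprivileged_chroot; -1 if the sysctl is missing. */
static int
read_unprivileged_chroot_sysctl(void)
{
	int val;
	size_t len = sizeof(val);
	if (sysctlbyname("security.bsd.unprivileged_chroot", &val, &len, NULL, 0) != 0)
		return -1;
	return val;
}

/* Set NO_NEW_PRIVS on this process (what chroot -n does) and read it back. */
static int
enable_no_new_privs(void)
{
	int arg = PROC_NO_NEW_PRIVS_ENABLE, status = 0;
	if (procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_CTL, &arg) != 0 ||
	    procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_STATUS, &status) != 0) {
		perror("procctl");
		return 0;
	}
	return status == PROC_NO_NEW_PRIVS_ENABLE;
}
#endif

int
main(int argc, char **argv)
{
	if (argc < 3) {
		fprintf(stderr, "usage: %s newroot program [args...]\n", argv[0]);
		return 64;
	}
#ifdef __FreeBSD__
	int sysctl_val = read_unprivileged_chroot_sysctl();
	int nnp = enable_no_new_privs();   /* must happen before chroot(2) */
	enum chroot_verdict v = check_chroot_policy(geteuid(), sysctl_val == 1, nnp);
	if (v != CHROOT_OK) {
		fprintf(stderr, "chroot would be refused: %s\n", chroot_verdict_str(v));
		return 1;
	}
	/* chroot(2) does not move the cwd; chdir("/") afterwards so no
	 * descriptor or path outside the new root is left reachable. */
	if (chroot(argv[1]) != 0 || chdir("/") != 0) {
		perror("chroot/chdir");
		return 1;
	}
	execv(argv[2], &argv[2]);
	perror("execv");
	return 1;
#else
	fprintf(stderr, "PROC_NO_NEW_PRIVS chroot is FreeBSD-specific\n");
	return 1;
#endif
}
```

Once NO_NEW_PRIVS is set it is inherited by every descendant and cannot be cleared, so any set-user-ID binary inside the new root runs with the caller's own credentials; that is the property that makes the unprivileged path safe against the classic chroot confused-deputy tricks.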