Add command line option -Z --relinquish-privileges as for tcpdump #149

Open
olibre opened this issue May 21, 2017 · 2 comments
olibre (Contributor) commented May 21, 2017

To listen on a network interface, tcpflow needs to be run with root privileges. Therefore the output files are also owned by root and cannot be accessed by non-privileged users. The idea is to have the same behavior as tcpdump.

tcpdump provides the following command line option:

-Z user
--relinquish-privileges=user
If tcpdump is running as root, after opening the capture device or input savefile, but before opening any savefiles for output, change the user ID to user and the group ID to the primary group of user.

I propose to implement the same command line option in tcpflow in the coming months. I will submit a pull request.

Out of curiosity, the corresponding tcpdump source code is in the function droproot(). See https://github.com/the-tcpdump-group/tcpdump/blob/master/tcpdump.c#L611 . Below is a very simplified extract:

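```c
#include <cap-ng.h>
#include <pwd.h>
#include <stdlib.h>

void droproot(const char *username)
{
  /* Look up the target account; getpwnam() returns NULL if it is unknown. */
  struct passwd *pw = getpwnam(username);
  if (pw == NULL)
    exit(1);
  /* Switch to the user's UID and primary GID; abort rather than stay root. */
  if (capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG) != 0)
    exit(1);
  /* Drop the capabilities that are no longer needed after the ID change. */
  capng_updatev(CAPNG_DROP,
                CAPNG_EFFECTIVE | CAPNG_PERMITTED,
                CAP_SETUID,
                CAP_SETGID,
                CAP_SYS_CHROOT,
                -1);
  capng_apply(CAPNG_SELECT_BOTH);
}
```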
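
An added example, not part of the issue thread and not tcpflow or tcpdump code: the behaviour the proposed option describes (open the capture device as root, switch user, only then create output files), written with plain POSIX calls instead of libcap-ng. The function name `relinquish_privileges`, the fallback user `nobody`, the file name `flow.example` and the refusal of uid 0 are assumptions of this example, and it assumes capture rights come from running as root rather than from file capabilities.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 when the process is not (or no longer) root, -1 on any failure.
 * Call it after opening the capture device and before creating output files. */
int relinquish_privileges(const char *username)
{
    struct passwd *pw = getpwnam(username);
    if (pw == NULL) {
        fprintf(stderr, "unknown user '%s'\n", username);
        return -1;
    }
    uid_t uid = pw->pw_uid;   /* copy: pw points to a static buffer */
    gid_t gid = pw->pw_gid;
    if (uid == 0) {           /* added check: switching to root drops nothing */
        fprintf(stderr, "refusing to switch to uid 0\n");
        return -1;
    }
    if (geteuid() != 0)       /* not root: nothing to relinquish */
        return 0;
    /* Order matters: changing groups needs root, so do it before setuid(). */
    if (initgroups(username, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) {
        perror("dropping privileges");
        return -1;
    }
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        fprintf(stderr, "root privileges can still be regained\n");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* A real tool opens the capture device here, while still root. */
    if (relinquish_privileges(argc > 1 ? argv[1] : "nobody") != 0)
        return 1;             /* never carry on as root after a failed drop */
    FILE *out = fopen("flow.example", "w");   /* constructed file name */
    if (out == NULL)
        return 1;
    fclose(out);
    printf("output file created as uid %d\n", (int)getuid());
    return 0;
}
```

Run as root, the output file ends up owned by the named user; run unprivileged, the call is a no-op and the file belongs to the invoking user.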

olibre (Contributor, Author) commented Jun 4, 2017

Unfortunately, option -Z is already used to disable GZip decompression of HTTP content (scan_http).
I propose to replace option -Z by -S decompress=false (default value is -S decompress=true).
This is the way to pass parameters to scanners (by the option -S).

simsong (Owner) commented Jun 8, 2017

Sadly, we cannot change an existing command line option; we can only create new ones. The application already has code to drop SUID; we will add the code to change the userid.
