Remove realpath/getcwd from loaders (#1024)

This implements proposals 1 and 2a from this gist:

https://gist.github.com/mrdomino/2222cab61715fd527e82e036ba4156b1

The only reason to use realpath from the loader was to try to prevent a
TOCTOU between the loader and the binary. But this is only a real issue
in set-id contexts, and in those cases there is already a canonical way
to do it: `/dev/fd`, passed by the kernel to the loader, so all we have
to do is pass that along to the binary.

Aside from realpath, there is no reason to absolutize the path we supply
to the binary, since it can call `getcwd` as well as we can, and on non-
M1 the binary is in a much better position to make that call.

Since we no longer absolutize the path, the binary does need to do this,
so we make its argv-parsing code generic and apply that to the different
possible places the path could come from. This means that `_` is finally
usable as a relative path, as a nice side benefit.

The M1 realpath code had a significant bug - it uses the wrong offset to
truncate the `.ape` in the `$prog.ape` case.

This PR also fixes a regression in `ape $progname` out of `$PATH` on the
two BSDs (Free and Net) that did not implement `RealPath`.

ape/ape-m1.c

@@ -316,21 +316,12 @@ __attribute__((__noreturn__)) static void Pexit(const char *c, int failed,
 }
 
 static char AccessCommand(struct PathSearcher *ps, unsigned long pathlen) {
-  char buf[PATH_MAX];
-  size_t n;
   if (pathlen + 1 + ps->namelen + 1 > sizeof(ps->path)) {
     return 0;
   }
   if (pathlen && ps->path[pathlen - 1] != '/') ps->path[pathlen++] = '/';
   memmove(ps->path + pathlen, ps->name, ps->namelen);
   ps->path[pathlen + ps->namelen] = 0;
-  if (!realpath(ps->path, buf)) {
-    Pexit(ps->path, -errno, "realpath");
-  }
-  if ((n = strlen(buf)) >= sizeof(ps->path)) {
-    Pexit(buf, 0, "too long");
-  }
-  memcpy(ps->path, buf, n + 1);
   if (!access(ps->path, X_OK)) {
     if (ps->indirect) {
       ps->namelen -= 4;