Further improve unveil() implementation

This change addresses review comments from Günther Noack on GitHub.
We're now blacklisting truncate() and setxattr() since Landlock lets
them operate on veiled files. The restriction has been lifted on using
unveil() multiple times, since Landlock does that well.

libc/calls/getuid.c

@@ -53,10 +53,12 @@ static textwindows dontinline uint32_t GetUserNameHash(void) {
  */
 int getuid(void) {
   int rc;
-  if (!IsWindows()) {
-    rc = sys_getuid();
-  } else {
-    rc = GetUserNameHash();
+  if (!(rc = getauxval(AT_UID))) {
+    if (!IsWindows()) {
+      rc = sys_getuid();
+    } else {
+      rc = GetUserNameHash();
+    }
   }
   STRACE("%s() → %d% m", "getuid", rc);
   return rc;
@@ -73,10 +75,12 @@ int getuid(void) {
  */
 int getgid(void) {
   int rc;
-  if (!IsWindows()) {
-    rc = sys_getgid();
-  } else {
-    rc = GetUserNameHash();
+  if (!(rc = getauxval(AT_GID))) {
+    if (!IsWindows()) {
+      rc = sys_getgid();
+    } else {
+      rc = GetUserNameHash();
+    }
   }
   STRACE("%s() → %d% m", "getgid", rc);
   return rc;