Improve pledge() and unveil()

The pledge.com command now supports the new [WIP] unveil() support. For
example, to strongly sandbox our command for listing directories.

    o//tool/build/assimilate.com o//examples/ls.com
    pledge.com -v /etc -p 'stdio rpath' o//examples/ls.com /etc

This file system sandboxing is going to be perfect for us, because APE
binaries are self-contained static executables that really don't use the
filesystem that much. On the other hand, with non-static executables,
sandboxing is going to be more difficult. For example, here's how to
sandbox the `ls` command on the latest Alpine:

    pledge.com -v rx:/lib -v /usr/lib -v /etc -p 'stdio rpath exec' ls /etc

This change fixes the `execpromises` API with pledge().

This change also adds unix.unveil() to redbean.

Fixes #494

libc/calls/execve.c

@@ -17,6 +17,7 @@
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
 #include "libc/bits/likely.h"
+#include "libc/bits/weaken.h"
 #include "libc/calls/calls.h"
 #include "libc/calls/strace.internal.h"
 #include "libc/calls/syscall-nt.internal.h"
@@ -24,10 +25,13 @@
 #include "libc/dce.h"
 #include "libc/intrin/asan.internal.h"
 #include "libc/intrin/kprintf.h"
+#include "libc/intrin/promises.internal.h"
 #include "libc/log/libfatal.internal.h"
 #include "libc/sysv/consts/o.h"
 #include "libc/sysv/errfuns.h"
 
+int sys_pledge_linux(unsigned long);
+
 /**
  * Replaces current process with program.
  *
@@ -66,7 +70,13 @@ int execve(const char *prog, char *const argv[], char *const envp[]) {
     }
 #endif
     if (!IsWindows()) {
-      rc = sys_execve(prog, argv, envp);
+      rc = 0;
+      if (IsLinux() && __execpromises && weaken(sys_pledge_linux)) {
+        rc = weaken(sys_pledge_linux)(__execpromises);
+      }
+      if (!rc) {
+        rc = sys_execve(prog, argv, envp);
+      }
     } else {
       rc = sys_execve_nt(prog, argv, envp);
     }