Improve pledge() and unveil()

The pledge.com command now supports the new [WIP] unveil() support. For
example, to strongly sandbox our command for listing directories.

    o//tool/build/assimilate.com o//examples/ls.com
    pledge.com -v /etc -p 'stdio rpath' o//examples/ls.com /etc

This file system sandboxing is going to be perfect for us, because APE
binaries are self-contained static executables that really don't use the
filesystem that much. On the other hand, with non-static executables,
sandboxing is going to be more difficult. For example, here's how to
sandbox the `ls` command on the latest Alpine:

    pledge.com -v rx:/lib -v /usr/lib -v /etc -p 'stdio rpath exec' ls /etc

This change fixes the `execpromises` API with pledge().

This change also adds unix.unveil() to redbean.

Fixes #494

libc/sysv/calls/faccessat2.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall faccessat2,0xfffffffffffff1b7,globl

libc/sysv/calls/openat2.s

@@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall openat2,0xfffffffffffff1b5,globl

libc/sysv/calls/sys_faccessat2.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_faccessat2,0xfffffffffffff1b7,globl,hidden

libc/sysv/calls/sys_openat2.s

@@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_openat2,0xfffffffffffff1b5,globl,hidden

libc/sysv/syscalls.sh

@@ -385,9 +385,9 @@ scall	fspick			0xfffffffffffff1b1	globl
 scall	pidfd_open		0xfffffffffffff1b2	globl
 scall	clone3			0xfffffffffffff1b3	globl
 scall	close_range		0xfffffffffffff1b4	globl
-scall	openat2			0xfffffffffffff1b5	globl # Linux 5.6
+scall	sys_openat2		0xfffffffffffff1b5	globl hidden # Linux 5.6
 scall	pidfd_getfd		0xfffffffffffff1b6	globl
-scall	faccessat2		0xfffffffffffff1b7	globl
+scall	sys_faccessat2		0xfffffffffffff1b7	globl hidden
 scall	process_madvise		0xfffffffffffff1b8	globl
 scall	epoll_pwait2		0xfffffffffffff1b9	globl
 scall	mount_setattr		0xfffffffffffff1ba	globl