Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects. bd_label will be used to authorize
data flow from network interfaces to user processes. BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs