
Allow --uid and --gid without --unshare-user when running as root

Open DaanDeMeyer opened this issue 3 years ago • 4 comments

When root, it's not necessary to --unshare-user to be able to change uid/gid, so bubblewrap shouldn't require it.

DaanDeMeyer, Jan 27 '23 23:01

FWIW: --uid/--gid change the uid/gid by mapping the outer id to the specified id in the new user-ns (i.e. they do not call setuid/setgid).

rusty-snake, Jan 28 '23 12:01

Do you have a use-case in mind for this? If yes, what?

A large part of the point of bubblewrap is that it works when you're not root. If you are root, there are lots of other ways to achieve similar results, like setpriv. Given its limited maintainer bandwidth (for the last year it has mostly just been me), I think we should keep bubblewrap somewhat focused on the things that can't be done any other way.

As @rusty-snake said, I don't think the way we are implementing --uid/--gid can work when not creating a new userns. If we have CAP_SETUID and CAP_SETGID, then we could have a different code path that does work without creating a new userns; but we would have to be very careful to make sure that an adversarial user couldn't make use of that code path to trick a setuid bwrap into opening up security holes.

smcv, Feb 23 '23 12:02
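The mechanism rusty-snake describes (and that smcv's reply builds on) can be shown directly. The program below is an added example written for this page; it is not bubblewrap's code and the function names are made up for illustration. It does what `--unshare-user --uid N --gid N` does under the hood: the process calls unshare(CLONE_NEWUSER) and then writes a single-entry mapping to /proc/self/gid_map and /proc/self/uid_map so that the outer id appears as the requested id inside the new namespace. No setuid() or setgid() is ever called, and the outer identity of the process is unchanged. It assumes Linux with unprivileged user namespaces enabled; where they are disabled (common in containers and on some distributions) unshare() fails with EPERM and the function reports that instead of a mapped id.

```c
// Added example (not bubblewrap's own code): what "--unshare-user --uid N --gid N"
// does at the kernel level. The process enters a new user namespace and writes
// an ID mapping; it never calls setuid()/setgid(). Linux only.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write one line to a /proc/self file. Returns 0 or -errno. */
static int write_proc(const char *path, const char *line)
{
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, line, strlen(line));
    int saved = errno;
    close(fd);
    if (n < 0)
        return -saved;
    return ((size_t)n == strlen(line)) ? 0 : -EIO;
}

/* In the calling process: create a new user namespace and map the current
 * outer euid/egid to target_uid/target_gid (a one-id mapping, which is all an
 * unprivileged process may write). Returns 0 or -errno. */
int map_self_to_ids(uid_t target_uid, gid_t target_gid)
{
    uid_t outer_uid = geteuid();
    gid_t outer_gid = getegid();
    char line[64];
    int r;

    if (unshare(CLONE_NEWUSER) < 0)
        return -errno;

    /* An unprivileged writer must deny setgroups() before gid_map is accepted. */
    r = write_proc("/proc/self/setgroups", "deny");
    if (r < 0 && r != -ENOENT)      /* very old kernels have no setgroups file */
        return r;

    snprintf(line, sizeof line, "%u %u 1\n", (unsigned)target_gid, (unsigned)outer_gid);
    r = write_proc("/proc/self/gid_map", line);
    if (r < 0)
        return r;

    snprintf(line, sizeof line, "%u %u 1\n", (unsigned)target_uid, (unsigned)outer_uid);
    return write_proc("/proc/self/uid_map", line);
}

/* Run the mapping in a forked child so the caller's namespace is untouched.
 * Returns the uid the child sees from getuid() after mapping (expected to be
 * target_uid), or -errno if the namespace could not be created or mapped. */
int observed_uid_after_mapping(uid_t target_uid, gid_t target_gid)
{
    int pipefd[2];
    if (pipe(pipefd) < 0)
        return -errno;
    pid_t pid = fork();
    if (pid < 0)
        return -errno;
    if (pid == 0) {
        int r = map_self_to_ids(target_uid, target_gid);
        int result = (r < 0) ? r : (int)getuid();
        if (write(pipefd[1], &result, sizeof result) != (ssize_t)sizeof result)
            _exit(1);
        _exit(0);
    }
    close(pipefd[1]);
    int result = -EIO;              /* stays -EIO if the child died before reporting */
    if (read(pipefd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -EIO;
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    printf("outer uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    int r = observed_uid_after_mapping(0, 0);
    if (r < 0)
        fprintf(stderr, "user namespace unavailable: %s\n", strerror(-r));
    else
        printf("inside new userns getuid() = %d; outer uid still %u; no setuid() called\n",
               r, (unsigned)getuid());
    return 0;
}
```

Build with `cc -Wall -o uidmap uidmap.c` and run as an ordinary user: inside the child the mapped id is reported as 0, while `ps` or /proc/PID/status from outside still shows the original uid, because the kernel only translates ids at the namespace boundary. A uid_map can be written exactly once per namespace and the initial namespace is already fully mapped, so this technique has no equivalent without creating a new user namespace; changing credentials there means setuid()/setgid() under CAP_SETUID/CAP_SETGID, which is the separate (and, as smcv notes, more delicate) code path, or a tool such as setpriv.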