Move capability checks into the LSM stack and remove Aster policy#1

Draft
zzj-5341 wants to merge 2 commits into lsm-aster-policy from codex/lsm-capability-pr-clean

Conversation

@zzj-5341
Owner

Summary

This draft PR moves capability authorization into the built-in LSM stack and removes the temporary Aster inode/xattr policy module.

After this change, the active built-in LSM modules become:

  • capability as the major authorization module
  • yama as a minor ptrace restriction module

The main goal is to stop scattering capability checks across subsystems and instead route them through a unified LSM entry point, while preserving the existing Yama restriction model.

What this PR changes

Add a built-in capability LSM module

This PR introduces a dedicated capability module under the LSM framework and routes capability authorization through the LSM stack.

Extend the LSM framework

This PR extends the framework with:

  • a capable hook and CapableContext
  • CapabilityReason
  • BprmCommittedCredsContext
  • InodeDacOverrideContext

Migrate existing capability checks

This PR routes several existing authorization paths through the LSM-backed capability interface, including:

  • credential-changing paths
  • ptrace / alien access
  • namespace-related checks
  • signal permission checks
  • resource limit checks
  • reboot authorization
  • socket privilege checks
  • capset
  • trusted xattr access
  • inode DAC override
  • post-execve committed-creds hook plumbing

Remove the temporary Aster policy module

This PR removes the temporary Aster LSM policy implementation from the active security stack and deletes the associated Aster-specific regression tests.

Update security regression coverage

This PR updates the security test layout so the relevant regression coverage matches the new model:

  • capability regression entry updates
  • namespace regression continues to run
  • Yama regression is retained and adjusted to the current ptrace/capability semantics
  • Aster-specific regression coverage is removed

Validation

Validated in:

  • /home/zzj/asterinas-cap-lsm-pr-clean
  • branch: codex/lsm-capability-pr-clean

Commands used:

source ~/.cargo/env
export VDSO_LIBRARY_DIR=$HOME/linux_vdso
git diff --check
make run_kernel AUTO_TEST=test CONSOLE=hvc0

Result:

All general tests passed.

Scope of this draft

This draft intentionally focuses on:

  • the capability LSM module
  • LSM framework plumbing needed by capability migration
  • capability call-site migration
  • removal of the Aster policy module
  • security regression updates required by this migration

It intentionally does not yet include the LSM design documents or boot-only regression helper files.

Follow-up work

  • clean up newly introduced warnings
  • decide whether capability boot-only regression helpers should land in this PR or separately
  • land or split the LSM design/implementation documents
  • further refine capability handling as user namespace support evolves
  • decide whether additional hooks should consume CapabilityReason more deeply
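
The description above explains the intended model only in prose: one major authorization module (capability) whose decision is authoritative, a minor module (Yama) that can only further restrict ptrace, a single `capable` entry point that call sites use instead of inspecting credentials themselves, and a `CapabilityReason` carried alongside the request. The following Rust program is an added illustration of that stacking model, written for this page; it is not Asterinas code and not taken from the PR. The names `CapableContext` and `CapabilityReason` appear in the PR, but their fields, the hook signatures, the `LsmModule` trait, the `Denial` record, the ptrace-scope rule and the pid/uid process table are all assumptions made here to keep the example self-contained.

```rust
// Added illustration, not Asterinas code. Models an LSM stack with "capability"
// as the major authorization module and a Yama-style minor module that only
// restricts ptrace. Field names, hook signatures and the process table are assumed.
use std::collections::{HashMap, HashSet};

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Capability { SysBoot, SysPtrace }

/// Why the capability is being requested (variants assumed for this example).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum CapabilityReason { Reboot, Ptrace }

#[derive(Debug, Clone)]
pub struct Credentials { pub uid: u32, pub effective: HashSet<Capability> }

#[derive(Debug, Clone)]
pub struct Task { pub pid: u32, pub parent: Option<u32>, pub cred: Credentials }

pub struct CapableContext<'a> { pub cred: &'a Credentials, pub cap: Capability, pub reason: CapabilityReason }

/// Denial record returned by the stack: which module said no, and for what.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Denial { pub module: &'static str, pub cap: Capability, pub reason: CapabilityReason }

/// One LSM module. Hooks default to "no objection", so a minor module only
/// implements the hooks it restricts and can never grant anything on its own.
pub trait LsmModule {
    fn name(&self) -> &'static str;
    fn capable(&self, _ctx: &CapableContext) -> bool { true }
    fn ptrace_access_check(&self, _tasks: &HashMap<u32, Task>, _tracer: &Task, _tracee: &Task) -> bool { true }
}

/// Major module: the effective capability set is the source of truth.
pub struct CapabilityModule;
impl LsmModule for CapabilityModule {
    fn name(&self) -> &'static str { "capability" }
    fn capable(&self, ctx: &CapableContext) -> bool { ctx.cred.effective.contains(&ctx.cap) }
    fn ptrace_access_check(&self, _tasks: &HashMap<u32, Task>, tracer: &Task, tracee: &Task) -> bool {
        // Classic rule: same uid, or the tracer holds CAP_SYS_PTRACE.
        tracer.cred.uid == tracee.cred.uid || tracer.cred.effective.contains(&Capability::SysPtrace)
    }
}

/// Minor module modelled on Yama ptrace_scope=1: the tracer must be an ancestor
/// of the tracee unless it holds CAP_SYS_PTRACE. Same uid alone is not enough.
pub struct YamaModule;
impl LsmModule for YamaModule {
    fn name(&self) -> &'static str { "yama" }
    fn ptrace_access_check(&self, tasks: &HashMap<u32, Task>, tracer: &Task, tracee: &Task) -> bool {
        tracer.cred.effective.contains(&Capability::SysPtrace) || is_ancestor(tasks, tracer.pid, tracee.pid)
    }
}

fn is_ancestor(tasks: &HashMap<u32, Task>, ancestor: u32, mut pid: u32) -> bool {
    while let Some(parent) = tasks.get(&pid).and_then(|t| t.parent) {
        if parent == ancestor { return true; }
        pid = parent;
    }
    false
}

/// The stack is the single entry point for call sites. Hooks run in module
/// order and the first denial wins; the denying module is reported for auditing.
pub struct LsmStack { modules: Vec<Box<dyn LsmModule>> }
impl LsmStack {
    pub fn builtin() -> Self { LsmStack { modules: vec![Box::new(CapabilityModule), Box::new(YamaModule)] } }
    pub fn capable(&self, ctx: &CapableContext) -> Result<(), Denial> {
        match self.modules.iter().find(|m| !m.capable(ctx)) {
            None => Ok(()),
            Some(m) => Err(Denial { module: m.name(), cap: ctx.cap, reason: ctx.reason }),
        }
    }
    pub fn ptrace_access_check(&self, tasks: &HashMap<u32, Task>, tracer: &Task, tracee: &Task) -> Result<(), &'static str> {
        match self.modules.iter().find(|m| !m.ptrace_access_check(tasks, tracer, tracee)) {
            None => Ok(()),
            Some(m) => Err(m.name()),
        }
    }
}

/// A migrated call site: reboot no longer inspects the credential itself.
pub fn sys_reboot(lsm: &LsmStack, cred: &Credentials) -> Result<(), Denial> {
    lsm.capable(&CapableContext { cred, cap: Capability::SysBoot, reason: CapabilityReason::Reboot })
}

fn task(pid: u32, parent: Option<u32>, uid: u32, caps: &[Capability]) -> Task {
    Task { pid, parent, cred: Credentials { uid, effective: caps.iter().copied().collect() } }
}

/// Constructed process table (not real data): init as root, a shell (100), its
/// child (101), and an unrelated process (200) running as the shell's uid.
pub fn sample_tasks() -> HashMap<u32, Task> {
    vec![
        task(1, None, 0, &[Capability::SysBoot, Capability::SysPtrace]),
        task(100, Some(1), 1000, &[]),
        task(101, Some(100), 1000, &[]),
        task(200, Some(1), 1000, &[]),
    ].into_iter().map(|t| (t.pid, t)).collect()
}

fn main() {
    let lsm = LsmStack::builtin();
    let tasks = sample_tasks();
    println!("shell -> child: {:?}", lsm.ptrace_access_check(&tasks, &tasks[&100], &tasks[&101]));
    println!("unrelated -> child: {:?}", lsm.ptrace_access_check(&tasks, &tasks[&200], &tasks[&101]));
    println!("reboot as uid 1000: {:?}", sys_reboot(&lsm, &tasks[&100].cred));
}
```

The point the model makes is the one the PR relies on: the capability module can allow a same-uid ptrace, yet Yama still denies it when the tracer is not an ancestor, and neither module can override the other's denial. Call sites such as `sys_reboot` only build a `CapableContext`; they never look at the credential set directly, which is what makes later policy changes (for example, user namespace refinements) local to the module.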