idmaptool_on_path_and_privileged doesn't check file privileges

[fergus-dall]

Issue description

idmaptool_on_path_and_privileged is supposed to control whether the newuidmap and newgidmap tools are used, skipping them if they lack both setuid and CAP_SETUID/CAP_SETGID file capabilities. However, if they lack any of these permissions, the function still returns success.

This appears to have been introduced by commit 3275932. The previous version stored the return value in a local variable, and the refactorer appears to have thought that this value was always set to one by the bottom of the function, when it could actually keep it's default value the whole way through.

Steps to reproduce

1. Remove setuid and all file capabilities from /usr/bin/newuidmap
2. Start a container with a non-trivial uid map

[brauner]

I sent a fix for that.