Add pledge and unveil

`pledge` is using to restrict system operations, and `unveil` to unveil
parts of a restricted filesystem view.

Both of them available at OpenBSD for years. Anyway some work to port it
to Linux is onging but it far from the end, and the best status is
Justine's work to port it into cosmopolitan libc.

posixlib/src/main/resources/scala-native/unistd.c

@@ -4,6 +4,7 @@
 // #define _POSIX_C_SOURCE 2 // constr
 // #define _X_OPEN // constr
 
+#include <errno.h>
 #include <unistd.h>
 #include "types.h" // scalanative_* types, not <sys/types.h>
 
@@ -34,6 +35,27 @@
 #define _SC_TRACE_USER_EVENT_MAX 0
 #endif // __FreeBSD__
 
+// seems that pledge and unveil is OpenBSD only,
+// some work to port it to Linux is onging but it far from the end,
+// and the best status is Justine's work to port it into cosmopolitan.
+int scalanative_pledge(const char *promises, const char *execpromises) {
+#ifdef __OpenBSD_
+    return pledge(promises, execpromises);
+#else
+    errno = ENOTSUP;
+    return -1;
+#endif
+}
+
+int scalanative_unveil(const char *path, const char *permissions) {
+#ifdef __OpenBSD_
+    return unveil(path, permissions);
+#else
+    errno = ENOTSUP;
+    return -1;
+#endif
+}
+
 long scalanative__posix_version() { return _POSIX_VERSION; }
 
 int scalanative__xopen_version() { return _XOPEN_VERSION; }

posixlib/src/main/scala/scala/scalanative/posix/unistd.scala

@@ -216,6 +216,12 @@ object unistd {
 
   @blocking def write(fildes: CInt, buf: CVoidPtr, nbyte: CSize): CInt = extern
 
+  @name("scalanative_pledge")
+  def pledge(promises: CString, execpromises: CString): CInt = extern
+
+  @name("scalanative_unveil")
+  def unveil(path: CString, permissions: CString): CInt = extern
+
 // Symbolic constants
 
   // NULL, see POSIX stddef