Conversation

@lablans (Member) commented May 30, 2025

Upon startup, Beam will try to drop its privileges to the non-root nobody user. If this fails, Beam will issue a warning and continue with its current user. Use the new --require-nonroot flag to enforce non-root mode.

This should be feature complete but is as of now untested.

@lablans lablans requested review from Threated and Copilot May 30, 2025 10:04

@Copilot Copilot AI left a comment


Pull Request Overview

This PR implements a "rootless mode" feature that attempts to drop privileges to the non-root "nobody" user during startup, with an optional enforcement flag (--require-nonroot) to abort execution if the drop fails.

  • Introduces a new drop_privileges module and function.
  • Adds a new require_nonroot configuration flag to shared, proxy, and broker configurations.
  • Updates proxy and broker startup sequences to call the new drop_privileges function, and includes a privdrop dependency in Cargo.toml.

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Summary per file:

  • shared/src/lib.rs: Exposes the drop_privileges module.
  • shared/src/drop_privileges.rs: Implements the privilege dropping functionality with error handling.
  • shared/src/config_shared.rs: Introduces a require_nonroot flag in CLI arguments and config structure.
  • shared/src/config_proxy.rs: Adds the require_nonroot flag to proxy configuration.
  • shared/src/config_broker.rs: Adds the require_nonroot flag to broker configuration.
  • shared/Cargo.toml: Adds the privdrop dependency for the new feature.
  • proxy/src/main.rs: Integrates the privilege dropping function in proxy startup.
  • broker/src/main.rs: Integrates the privilege dropping function in broker startup.
  • CHANGELOG.md: Documents the new rootless mode feature.
Comments suppressed due to low confidence (1)

shared/src/drop_privileges.rs:6 (`pub fn drop_privileges_or_fail() {`)

  • There are no tests covering drop_privileges_or_fail; consider adding unit tests to validate both the enforced (exit) and non-enforced (warning) scenarios.
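An added example, not Beam's own code, showing one way to structure the routine so the testing gap noted in the review can be closed: the syscalls live in `try_drop`, and the warn-versus-abort policy that the `--require-nonroot` flag selects is a pure function that a unit test can exercise without running as root. It assumes Linux, raw libc calls over FFI instead of the privdrop crate the PR uses, and uid/gid 65534 for nobody (a common default, not guaranteed).

```rust
// Added example (not Beam's code): the enforce/warn decision is a pure function
// so both paths are unit-testable without root. Assumes Linux and uid/gid 65534
// for "nobody" (a common default, not guaranteed; getpwnam lookup omitted).
extern "C" {
    fn geteuid() -> u32;
    fn setgid(gid: u32) -> i32;
    fn setuid(uid: u32) -> i32;
}
#[derive(Debug, PartialEq)]
pub enum DropOutcome {
    AlreadyUnprivileged(u32),       // effective uid was never root
    Dropped { uid: u32, gid: u32 }, // switched and verified
    Failed(String),                 // e.g. EPERM when CAP_SETUID is missing
}
#[derive(Debug, PartialEq)]
pub enum Decision { Continue, WarnAndContinue(String), Abort(String) }

/// Try to become `uid`/`gid`. setgid runs first, since after setuid the process
/// may no longer change its group; a final geteuid confirms the drop took effect.
pub fn try_drop(uid: u32, gid: u32) -> DropOutcome {
    let euid = unsafe { geteuid() };
    if euid != 0 { return DropOutcome::AlreadyUnprivileged(euid); }
    let err = |call: &str| DropOutcome::Failed(format!("{call}: {}", std::io::Error::last_os_error()));
    if unsafe { setgid(gid) } != 0 { return err("setgid"); }
    if unsafe { setuid(uid) } != 0 { return err("setuid"); }
    if unsafe { geteuid() } != uid { return DropOutcome::Failed("euid unchanged after setuid".into()); }
    DropOutcome::Dropped { uid, gid }
}

/// The PR's policy: warn and keep the current user unless --require-nonroot is set.
pub fn decide(outcome: &DropOutcome, require_nonroot: bool) -> Decision {
    match outcome {
        DropOutcome::Failed(why) if require_nonroot => Decision::Abort(format!("--require-nonroot set but drop failed: {why}")),
        DropOutcome::Failed(why) => Decision::WarnAndContinue(format!("drop failed, continuing as current user: {why}")),
        _ => Decision::Continue,
    }
}

pub fn drop_privileges_or_fail(require_nonroot: bool) {
    match decide(&try_drop(65534, 65534), require_nonroot) {
        Decision::Continue => {}
        Decision::WarnAndContinue(msg) => eprintln!("warning: {msg}"),
        Decision::Abort(msg) => { eprintln!("error: {msg}"); std::process::exit(1) }
    }
}
fn main() {
    drop_privileges_or_fail(std::env::args().any(|a| a == "--require-nonroot"));
    println!("running with euid {}", unsafe { geteuid() });
}
```

Run it as an unprivileged user and it reports that it is already unprivileged; the policy tests below need no root at all.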

@Threated Threated closed this Jun 24, 2025