Check whether we can use PID namespaces

In unprivileged podman containers, /proc is not fully visible (there
are other filesystems mounted on subdirectories of /proc). Therefore
we can't mount a new /proc in the sandbox that matches the PID
namespace of the sandbox. So this commit automatically disables
sandboxing if /proc is not fully visible.

src/libutil/namespaces.hh

@@ -6,4 +6,6 @@ bool userNamespacesSupported();
 
 bool mountNamespacesSupported();
 
+bool pidNamespacesSupported();
+
 }