[roll] Roll fuchsia [starnix] Add support for effective SEStarnix SID

In some situations (communication with external subjects, Overlay FS)
the Starnix kernel needs to act on behalf of a task that is not the
current task. This change introduces an effective SID in the SEStarnix
task state. When doing access checks where the current task is the
subject, this effective SID is used instead of the current SID.

To avoid security issues, the effective SID can only be used from the
current task: anything acting on the task as an object, and ptrace
checks on exec that are done with the context of another task, are
performed with the current SID instead. We enforce this by requiring a
CurrentTask to access the effective SID. This requires moving some
operations doing capability checking from Task to CurrentTask: in
practice they were only ever called on the current task anyway.

Some operations don't make sense in contexts where the current and
effective SIDs would be distinct (e.g. "exec" should be called by
the process itself, not on behalf of another subject). We assert
in these cases that the SIDs are distinct: a failure here indicates
a Starnix issue, not an application issue.

This change shouldn't change any access checking, as nothing sets an
effective SID that is distinct from the current SID yet.

Original-Bug: 413607595
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1261404
Original-Revision: 57e98def5033585ba8ff433f1b192577fcefb73c
GitOrigin-RevId: 890a5efc307a78b2ad72901cd3d3483eb3fca26e
Change-Id: I7b2fbf8b1abe73f656cad690aa11c57082bdee4d
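The enforcement idea in the commit message above, sketched as an added example that is not code from the Starnix tree: the effective SID is reachable only through a `CurrentTask` handle, so a check that treats a task as an object can only ever see its current SID. All type and method names here (`Sid`, `Task`, `CurrentTask`, `with_effective_sid`, `access_pair`) are hypothetical simplifications.

```rust
// Simplified model, not Starnix code: every name here is hypothetical.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Sid(pub u32);

/// Any task, possibly inspected from another thread: exposes only the current SID.
pub struct Task { current_sid: Sid }

impl Task {
    pub fn new(current_sid: Sid) -> Self { Task { current_sid } }
    /// SID used whenever this task is the *object* of an access check.
    pub fn current_sid(&self) -> Sid { self.current_sid }
}

/// Handle held only by the thread that is running the task.
pub struct CurrentTask { task: Task, effective_sid: Option<Sid> }

impl CurrentTask {
    pub fn new(task: Task) -> Self { CurrentTask { task, effective_sid: None } }
    pub fn task(&self) -> &Task { &self.task }
    /// SID used when the current task is the *subject*; defaults to the current SID.
    pub fn effective_sid(&self) -> Sid {
        self.effective_sid.unwrap_or(self.task.current_sid)
    }
    /// Assumed setter: act on behalf of `sid` for the duration of `f`, then restore.
    pub fn with_effective_sid<R>(&mut self, sid: Sid, f: impl FnOnce(&CurrentTask) -> R) -> R {
        let previous = self.effective_sid.replace(sid);
        let result = f(&*self);
        self.effective_sid = previous;
        result
    }
}

/// Returns the (source, target) SID pair a policy lookup would be made with.
/// The signature is the enforcement: the subject must be a CurrentTask, the
/// object is a plain Task, which has no accessor for an effective SID.
pub fn access_pair(subject: &CurrentTask, object: &Task) -> (Sid, Sid) {
    (subject.effective_sid(), object.current_sid())
}

fn main() {
    let mut overlay_user = CurrentTask::new(Task::new(Sid(1)));
    let target = Task::new(Sid(7));
    println!("own identity: {:?}", access_pair(&overlay_user, &target));
    let delegated = overlay_user.with_effective_sid(Sid(42), |c| access_pair(c, &target));
    println!("on behalf of SID 42: {:?}", delegated);
}
```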
1 file changed
tree: cae0c4f11d45866f160ee3c0465f3fd78094ae25
README.md

Integration

This repository contains Fuchsia's Global Integration manifest files.

Making changes

All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.

Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.

Obtaining the source

First install Jiri.

Next run:

$ jiri init
$ jiri import minimal https://fuchsia.googlesource.com/integration
$ jiri update

Third party

Third party projects should have their own subdirectory in ./third_party.