Use raw syscalls to avoid sporadic hangs

[jprendes]

The setgroups/setresgid/setresuid functions in nix/libc are not safe to call after clone/clone3.
These function use a blocking mechanism that synchronises across all threads in the process.
To do this libc (glibc/musl) needs to do some bookkeeping, which breaks on the new process after clone.
See the discussion in containerd/runwasi#347 for more details.

This PR worksaround that issue by using raw syscalls for setgroups/setresgid/setresuid.

This is generally not safe, as the raw syscalls only affect the calling thread and not the whole process.
It is safe to do so in this case because at the point when they are called in libcontainer the init process only has one thread.

[codecov-commenter]

Codecov Report

Merging #2425 (32ffc4d) into main (8faff1c) will decrease coverage by 0.08%.
Report is 4 commits behind head on main.
The diff coverage is 0.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2425      +/-   ##
==========================================
- Coverage   66.01%   65.93%   -0.08%     
==========================================
  Files         133      133              
  Lines       16832    16851      +19     
==========================================
  Hits        11111    11111              
- Misses       5721     5740      +19     

[utam0k]

@jprendes I appreciate your investigation and PR. Have you checked if this patch worked fine for runwasi?

[jprendes]

@utam0k it seems to work. It is difficult to say as the original issue is sporadic.
But so far after a few runs I haven't gotten any failure with this change.

[utam0k]

LGTM