document use of PR_SET_NO_NEW_PRIVS

Created by: loveshack

PR_SET_NO_NEW_PRIVS is used, but isn't documented (except for a mention under OCI use) and I can't see a rationale. Could you document it with an explanation? It could preclude reasonable use of setgid, in particular, and I don't see how it can be useful as a security feature, specifically as anyone could build with that removed.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information