knotd: Simplify POSIX capabilities setup to drop all capabilities
This commit renames knotd's setup_capabilities() to drop_capabilities(), and makes this function simply drop all capabilities. The call to this function from main() was previously very early, prior to sockets being bound. Since we most likely need to retain some capabilities in order to bind to privileged sockets, this commit moves the dropping of capabilities to be just after the dropping of privileges, since we also need capabilities in order to change uid/gid. Capabilities dropping is still performed prior to any daemonization or spawning of threads, so the interaction of capabilities with threads and child processes should be straightforward to analyze. We also call drop_capabilities() prior to activating any global query modules, so any threads spawned by those modules should see the same, minimal set of privileges and capabilities that the main thread and worker threads will see during runtime.
parent 8d53d75a
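The ordering argued for in the commit message (bind privileged sockets first, then change uid/gid, then drop every capability, and only after that daemonize or create threads) is illustrated below. This is an added example and not Knot DNS code; the function names drop_all_capabilities(), read_cap_mask(), cap_mask_or_max() and drop_privileges_then_caps() are hypothetical. It assumes Linux and uses the raw capset(2) syscall and prctl(2) rather than libcap, so that it builds without extra libraries. Because capset() acts on the calling thread only, the drop must happen before any thread is spawned, which is exactly the property the commit relies on.

```c
/* Added example, not Knot DNS code: drop all POSIX capabilities of the calling
 * thread after the uid/gid change and before any thread or child is created.
 * Linux-only: raw capset(2) and prctl(2), no libcap dependency (assumption). */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Returned by drop_all_capabilities() when the bounding set could not be
 * shrunk because the caller no longer holds CAP_SETPCAP. */
#define CAPDROP_BOUNDING_KEPT 1

/* Clear the inheritable, permitted, effective and ambient sets of the calling
 * thread and shrink the bounding set as far as permitted.  Returns 0 or
 * CAPDROP_BOUNDING_KEPT on success, -1 (errno set) if capset() itself failed.
 * Threads created later inherit the already-empty sets; threads created
 * earlier would keep their own copies, hence "drop before spawning". */
int drop_all_capabilities(void)
{
    int rc = 0;

    /* 1. Bounding set: needs CAP_SETPCAP, so probe upward while we still have
     *    it; EINVAL marks the end of the kernel's capability list. */
    for (int cap = 0;; cap++) {
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0)
            continue;
        if (errno == EINVAL)
            break;
        if (errno == EPERM) {
            rc = CAPDROP_BOUNDING_KEPT;   /* every further drop would fail too */
            break;
        }
        return -1;
    }

#ifdef PR_CAP_AMBIENT
    /* 2. Ambient set (Linux >= 4.3); a no-op when it is already empty. */
    (void)prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
#endif

    /* 3. Inheritable, permitted and effective: all-zero bitmaps for this thread. */
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3,
        .pid = 0,
    };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    memset(data, 0, sizeof(data));
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    return rc;
}

/* Read a Cap* mask such as "CapEff" from /proc/self/status.  Returns 0 on
 * success and stores the hex bitmap in *out, -1 if the key is missing. */
int read_cap_mask(const char *key, uint64_t *out)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    char line[256];
    size_t klen = strlen(key);
    int found = -1;
    while (fgets(line, sizeof(line), f) != NULL) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            *out = strtoull(line + klen + 1, NULL, 16);   /* skips the tab */
            found = 0;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Convenience wrapper: the mask, or UINT64_MAX if it could not be read. */
uint64_t cap_mask_or_max(const char *key)
{
    uint64_t v = 0;
    return read_cap_mask(key, &v) == 0 ? v : UINT64_MAX;
}

/* The sequence from the commit message.  The caller has already bound its
 * privileged sockets; this changes uid/gid (which itself needs CAP_SETUID and
 * CAP_SETGID) and only then drops the capabilities.  Daemonization, module
 * activation and worker threads belong after a successful return. */
int drop_privileges_then_caps(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return drop_all_capabilities() < 0 ? -1 : 0;
}

int main(void)
{
    uint64_t before = cap_mask_or_max("CapEff");
    int rc = drop_all_capabilities();
    uint64_t after = cap_mask_or_max("CapEff");
    printf("CapEff before=%016llx after=%016llx rc=%d\n",
           (unsigned long long)before, (unsigned long long)after, rc);
    return rc < 0 ? 1 : 0;
}
```

Run as an unprivileged user the program cannot shrink the bounding set (it reports CAPDROP_BOUNDING_KEPT), but CapEff, CapPrm and CapInh still read back as zero, which is the state the commit wants every worker thread and module thread to inherit. The bounding-set step is placed first deliberately: once CAP_SETPCAP has left the effective set, no further PR_CAPBSET_DROP is possible.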