Make verification with --root reliable (rhbz#434150)

Make verification with --root reliable (rhbz#434150)
- use chroot() instead of vain path manipulation games, otherwise we'll get
  bogus results from users and groups not matching etc
- non-priviledged verification is unreliable anyway but running rpm under
  fakechroot (unpriviledged) gives much better results than just prepending
  root to paths