core/exec: Restore SmackProcessLabel setting (#7378)

core/exec: Restore SmackProcessLabel setting (#7378)

Smack LSM needs the capability CAP_MAC_ADMIN to allow
setting of the current Smack exec label. Consequently,
dropping capabilities must be done after changing the
current exec label.

This is only related to Smack LSM. But for clarity and
regularity, all setting of security context moved before
dropping capabilities.

See Issue 7108