fs-util: add new chase_symlinks() flag CHASE_OPEN
The new flag returns the O_PATH fd of the final component, which may be
converted into a proper fd by open()ing it again through the
/proc/self/fd/xyz path.
Together with O_SAFE this provides us with a somewhat safe way to open()
files in directories potentially owned by unprivileged code, where we
want to refuse operation if any symlink tricks are played pointing to
privileged files.
(cherry picked from commit
1ed34d75d4f21d2335c5625261954c848d176ae6)
Change-Id: I5e5ce0affec97e4d19483b4f534db99f4f950f89
Related: #1663143