Overhauls group identification to better support capabilities.

This commit make substantial changes to how the setuid command is created by taking responsibility to identify groups for the subsequent downscoped command. With previous implemented we relied on default behaviors but this was leading to permission failures when capabilities where used. Additionally, a first version of Pavilion testing has been added to preform basic sanity checks on the functionality.