Ensure that binary does not run under root with the setgid or setuid bits set

Problem to solve

The CLI binary can be run as a superuser with the setuid or setgid bits set. If not needed, we should take this away to ensure that the CLI cannot run other processes as a superuser.

Proposal

We can improve the security of the GitLab CLI by ensuring that we never run as root with the setuid or setgid bits enabled. For Windows, this might require a different approach since permission bits do not map from POSIX-compliant operating systems to Windows in a 1:1 fashion.

Further details

You can use the os.Executable function to return the glab executable path. It's possible that this might point to a symlink, so we should take care in evaluating the permissions of both a symlink and an executable.
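
One way the check described above could look on POSIX systems, as an added example that is not glab's own code: it inspects both the path returned by os.Executable and the file it resolves to. The helper names `hasSetIDBits` and `checkBinary` are hypothetical, and "running as root" is assumed to mean an effective UID of 0.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// hasSetIDBits reports whether the file mode carries the setuid or setgid bit.
func hasSetIDBits(mode os.FileMode) bool {
	return mode&(os.ModeSetuid|os.ModeSetgid) != 0
}

// checkBinary (hypothetical helper) returns an error when euid is root and
// either path itself or the file it resolves to has setuid/setgid set.
func checkBinary(path string, euid int) error {
	if euid != 0 {
		return nil // assumption: only a root effective UID is refused
	}
	resolved, err := filepath.EvalSymlinks(path)
	if err != nil {
		return fmt.Errorf("resolving %s: %w", path, err)
	}
	candidates := []string{path}
	if resolved != path {
		candidates = append(candidates, resolved) // symlink and target both checked
	}
	for _, p := range candidates {
		info, err := os.Lstat(p) // Lstat inspects the entry itself, not its target
		if err != nil {
			return fmt.Errorf("stat %s: %w", p, err)
		}
		if hasSetIDBits(info.Mode()) {
			return fmt.Errorf("refusing to run as root: %s has mode %v", p, info.Mode())
		}
	}
	return nil
}

func main() {
	exe, err := os.Executable()
	if err == nil {
		err = checkBinary(exe, os.Geteuid())
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

On Windows os.Geteuid returns -1 and these mode bits are not reported, so this check never refuses there.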

Links / references