
vfs_acl_xattr: Additionally use CAP_SYS_ADMIN for xattrs from security namespace

These days we prefer capabilities over become_root() to perform some privileged operations. Accordingly, the acl_xattr VFS module also started using CAP_DAC_OVERRIDE to set and retrieve NT ACLs stored in xattrs. But there is a catch: only those processes with CAP_SYS_ADMIN are allowed write access to xattrs from the security namespace (see man xattr(7)). Our default "security.NTACL", or any other configured xattr within the security namespace, cannot work, leading to NT_STATUS_ACCESS_DENIED when smbd attempts to store/remove such xattrs. Therefore add CAP_SYS_ADMIN conditionally for xattrs from the security namespace.

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • (optional) This MR is just one part towards a larger feature.
  • (optional, if backport required) Bugzilla bug filed and BUG: tag added
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated
  • CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
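
The capability choice described in the merge request text, modeled as an added example in C (not code from this merge request or from Samba). The helper names and the "user.NTACL" comparison name are hypothetical, and the probe calls plain Linux setxattr(2) with whatever privileges the caller already holds.

```c
/* Added example: which capabilities an xattr store/remove needs, per xattr(7). */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>
#include <linux/capability.h>

/* True only for names in the "security." namespace (the dot is part of it). */
static bool xattr_in_security_ns(const char *name)
{
    return strncmp(name, "security.", 9) == 0;
}

/* Bitmask of capabilities to raise around a store/remove of `name`:
 * CAP_DAC_OVERRIDE always, CAP_SYS_ADMIN only for the security namespace. */
static uint64_t caps_for_xattr_write(const char *name)
{
    uint64_t caps = UINT64_C(1) << CAP_DAC_OVERRIDE;
    if (xattr_in_security_ns(name)) {
        caps |= UINT64_C(1) << CAP_SYS_ADMIN;
    }
    return caps;
}

/* Attempt the write with the caller's current privileges; returns 0 or errno. */
static int probe_xattr_write(const char *path, const char *name)
{
    static const char blob[] = "constructed-sample-value";
    if (setxattr(path, name, blob, sizeof(blob) - 1, 0) == -1) {
        return errno;
    }
    (void)removexattr(path, name); /* clean up the probe attribute */
    return 0;
}

int main(int argc, char **argv)
{
    /* "user.NTACL" is a constructed name used only for comparison. */
    const char *names[] = { "security.NTACL", "user.NTACL" };
    if (argc < 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    for (size_t i = 0; i < 2; i++) {
        int err = probe_xattr_write(argv[1], names[i]);
        printf("%-15s CAP_SYS_ADMIN needed=%d  write: %s\n", names[i],
               xattr_in_security_ns(names[i]), err ? strerror(err) : "ok");
    }
    return 0;
}
```

Run against a file the caller owns: without CAP_SYS_ADMIN the security.NTACL write is the one expected to be refused, which is the failure smbd surfaces as NT_STATUS_ACCESS_DENIED.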
