Drop unneeded capabilities

As part of the self-sandboxing process, drop unneeded capabilities. Some time ago I created capng, a crate that wraps around libcapng, and I'd swear I added support to use it to drop capabilities in vhost-user-fs, but seems that I never created the PR. :-?