Add file_ns_capable() helper function for open-time capability checking

Add file_ns_capable() helper function for open-time capability checking

commit 935d8aabd4331f47a89c3e1daa5779d23cf244ee upstream.

Nothing is using it yet, but this will allow us to delay the open-time
checks to use time, without breaking the normal UNIX permission
semantics where permissions are determined by the opener (and the file
descriptor can then be passed to a different process, or the process can
drop capabilities).

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Shea Levy <shea@shealevy.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>