dix: Translate _NET_WM_PID for sandboxed apps

The EMWH protocol states that X11 clients should set the _NET_WM_PID
property to contain the process ID of the client owning the window.

This definition however predates the ability to have sandboxed
applications, where the client itself doesn't know its actual PID in the
global PID namespace.

As a result, a sandboxed application cannot set its _NET_WM_PID property
correctly.

To avoid that issue, the Xserver can detect whenever that property is set
and change the value to the actual PID determined from the socket with
the local client on the fly.

Please note that this affects basically any X11 client trying to set the
_NET_WM_PID property on its X11 window, not just X11 applications
running in a sandbox. This also ensures that a client does not set some
other process' PID to abuse the _NET_WM_PID mechanism and force kill
another process.

Also, if the XRes extension is not enabled (either at build time or at
run time), or if the SECURITY extension is enabled, the _NET_WM_PID is
left unchanged because that could possibly give the sandboxed clients a
way to know their actual global PID.

v2:
 * Recreate atom of server regeneration (Michel Dänzer)
 * Update PID value from dixChangeWindowProperty (Michel Dänzer)
v3:
 * Init atom in main() at each server regeneration (Peter Hutterer)
v4:
 * Explicitly check for non-local clients instead of relying on
   GetClientPid() to return a negative value (Michel Dänzer).
v5:
 * Use a CARD32
v6:
 * Remove spurious empty line (Peter Hutterer)
v7:
 * Do nothing if XRes is disabled or XSECURITY is enabled

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Closes: xorg/xserver#1022
See-also: https://github.com/containers/bubblewrap/issues/373
4 jobs for net-wm-pid-sandbox in 7 minutes (queued for 3 seconds)
latest
Status Job ID Name Coverage
  Docker Image
passed #3914759
debian-testing

00:01:03

 
  Build And Test
passed #3914760
autotools

00:05:57

passed #3914761
meson

00:02:21

passed #3914762
meson-noglamor

00:01:28