Handling unshare() and kernel namespaces

This is fixed on master now.

Getting pid namespaces to work was a bit of a pain. We can no longer use
the pids returned by system calls (i.e. fork/clone) because they might be
in a different pid namespace. Instead we observe the
PTRACE_EVENT_FORK/CLONE and stash a pointer to the new task where
process_fork/clone can find it.

ptrace is broken for non-initial pid namespaces, because our ptrace
emulation would require translation of pids between namespaces. It could be
fixed, but it won't be a big deal for sandbox use-cases since they
generally can't use ptrace so I'll ignore it for now. If people start using
rr on Linux containers it might become relevant.

