Alternatives to setuid root

[andrewchambers]

While hermes is designed to be secure with a setuid hermes-pkgstore binary, we should be using as few privs as possible and strive to simplify and improve if we can.

• On linux, one option are linux capabilities.