This PR makes sure that some capabilities (SYS_BOOT and SYS_MODULES) can never be gained by any process running on Talos except for `machined` itself.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
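
One way to audit the property this PR describes is sketched below as an added example; it is not code from the Talos repository. It parses the capability fields of a `/proc/<pid>/status` text and reports every set that still holds CAP_SYS_MODULE (bit 16) or CAP_SYS_BOOT (bit 22), because a capability left in the inheritable or ambient set can survive an `execve` even after it is gone from the bounding set. The names `reachable`, `sample` and `forbidden` are hypothetical, and the status text is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// CAP_SYS_MODULE (bit 16) | CAP_SYS_BOOT (bit 22), numbering from linux/capability.h.
const forbidden uint64 = 1<<16 | 1<<22

var capSets = map[string]bool{"CapInh": true, "CapPrm": true, "CapEff": true, "CapBnd": true, "CapAmb": true}

// sample builds a constructed status excerpt with bits 16 and 22 cleared everywhere except CapInh.
func sample(inh string) string {
	const trimmed = "000001ffffbeffff"
	return "Name:\tdemo\nCapInh:\t" + inh + "\nCapPrm:\t" + trimmed + "\nCapEff:\t" + trimmed +
		"\nCapBnd:\t" + trimmed + "\nCapAmb:\t0000000000000000\n"
}

// reachable lists the capability sets in status that have any bit of mask set.
func reachable(status string, mask uint64) ([]string, error) {
	seen, hits := 0, []string{}
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		name, val, _ := strings.Cut(sc.Text(), ":")
		if !capSets[name] {
			continue
		}
		bits, err := strconv.ParseUint(strings.TrimSpace(val), 16, 64)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		seen++
		if bits&mask != 0 {
			hits = append(hits, name)
		}
	}
	// A truncated or unreadable status must not be mistaken for a clean one.
	if seen != len(capSets) {
		return nil, fmt.Errorf("found %d of %d capability fields", seen, len(capSets))
	}
	return hits, nil
}

func main() {
	fmt.Println(reachable(sample("0000000000000000"), forbidden))
	fmt.Println(reachable(sample("0000000000400000"), forbidden))
}
```

On a live node the same function can be fed the contents of `/proc/<pid>/status` for each process; only the process the PR exempts should return a non-empty list.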