ce9ff8aebd
Replace all 9 kernel uid==0 privilege checks with a capability bitmask model. Adds caps:u64 field to Context and CallerCtx, with CAP_ALL for root processes. Zero behavioral change - uid==0 still gets all caps. New module: src/scheme/caps.rs with 10 capability constants. 9 check sites converted: acpi, irq, memory, debug, serio, sys (msr+write), scheme registration, and fchown. Patch: local/patches/kernel/P27-capability-bitmask.patch