Commit 71fbe42
Add intercept and log_subcmds support for execveat(2).
Previously, sudo would always allow execveat(2) in intercept mode
to support sudo's own use of fexecve(3) for the "fdexec" setting.
Since sudoers is path-based, we must use /proc to resolve the file
descriptor in execveat(2) to a path.
Credit:
- XlabAI Team of Tencent Xuanwu Lab ([email protected])
- Atuin Automated Vulnerability Discovery Engine
- Guannan Wang, Zhanpeng Liu, Guancheng Li
Also reported by:
- Nofil Qasim
- Quentin Chalabi

1 parent 5f7712d commit 71fbe42
2 files changed
Lines changed: 192 additions & 50 deletions