RFE: implement range checks

[topimiettinen]

Please add support for checking (preferrably multiple and masked) range(s) of values. For example in systemd (systemd/systemd#6256) we'd like to construct a filter which only allows personality(2) with following use cases:

personality(0xffffffff) to query personality
personality(PER_LINUX) (or personality(PER_LINUX32)) for effectively no change to current personality

while blocking all other cases.

This could be implemented with new (optionally masked and/or negated) compare operations with multiple ranges complemented with a negative check: SCMP_CMP_MASKED_INRANGE, SCMP_CMP_MASKED_NOTINRANGE, SCMP_CMP_INRANGE and SCMP_CMP_NOTINRANGE.

#44 may be related.

[pcmoore]

In an effort to get v2.6.0 out sooner than later, I'm going to suggest we push this out to v2.7.0; if you have any concerns or objections please drop a comment.