Merge pull request #422 from tbeadle/capng_changes

Make sure to init capng before dropping root.

capng_clear needs to be called before capng_change_id can be called within
droproot. Otherwise, an (unusable) error message is output: "error : ret -1" and it fails to drop root privileges.

This also fixes the dropping of the CAP_SETGID capability. Previously,
CAP_SETUID was being dropped twice.