internal/pkg: optional landlock LSM

The alpine linux riscv64 kernel does not enable Landlock LSM, and kernel compilation is not yet feasible.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/pkg/pkg.go

@@ -521,6 +521,14 @@ const (
 	// was caused by an incorrect checksum accidentally left behind while
 	// bumping a package. Only enable this if you are really sure you need it.
 	CAssumeChecksum
+
+	// CHostAbstract disables restriction of sandboxed processes from connecting
+	// to an abstract UNIX socket created by a host process.
+	//
+	// This is considered less secure in some systems, but does not introduce
+	// impurity due to [KindExecNet] being [KnownChecksum]. This flag exists
+	// to support kernels without Landlock LSM enabled.
+	CHostAbstract
 )
 
 // Cache is a support layer that implementations of [Artifact] can use to store