sandbox/seccomp: implement syscall lookup

This uses the Go map and is verified against libseccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>

flake.nix

@@ -187,12 +187,14 @@
 
           generateSyscallTable = pkgs.mkShell {
             # this should be made cross-platform via nix
-            shellHook = ''
-              exec ${pkgs.perl}/bin/perl \
+            shellHook = "exec ${pkgs.writeShellScript "generate-syscall-table" ''
+              set -e
+              ${pkgs.perl}/bin/perl \
                 sandbox/seccomp/mksysnum_linux.pl \
-                ${pkgs.linuxHeaders}/include/asm/unistd_64.h > \
+                ${pkgs.linuxHeaders}/include/asm/unistd_64.h | \
+                ${pkgs.go}/bin/gofmt > \
                 sandbox/seccomp/syscall_linux_amd64.go
-            '';
+            ''}";
           };
         }
       );