Make charon use 'ipsec' user and group, and enable the libcap
support as few capabilities need to be retained for configuring
IPsec SAs in to kernel.

This also introduces charon.initd which starts charon daemon only
and uses swanctl for configuration. It is a little bit more light
weight than running the 'starter' which seems to be deprecated.
Also the config format is completely different, but more flexible
and extensive.