tag name: v0.4.1 (8a3e8fd906a3b616abfa84e0fc1ac6374e792c34)
tag date: 2020-03-30 15:19:07 +0200
tagged by: Alexander Larsson <alexl@redhat.com>
tagged object: commit 5feb64dc60...
download: bubblewrap-0.4.1.tar.gz
Release 0.4.1
This release fixes a privilege escalation bug pointed out by Stephen Röttger, where in some setups bubblewrap can be used to gain root permissions. Only version 0.4.0 is vulnerable, and only if installed setuid while at the same time the kernel supports unprivileged user namespaces.

More details in the advisory here:
https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj

Additionally there are some minor changes:
* Always clear the capability bounding set (cosmetic issue)
* Make the tests work with libcap >= 2.29
* Properly report child exit status in some cases

Alexander Larsson (9):
      Ensure we're always clearing the cap bounding set
      Don't rely on geteuid() to know when to switch back from setuid root
      Don't support --userns2 in setuid mode
      drop_privs: More explicit argument name

Christian Kastner (1):
      tests: Update output patterns for libcap >= 2.29

Jean-Baptiste BESNARD (1):
      retcode: fix return code with syncfd and no event_fd

TomSweeneyRedHat (1):
      Add Code of Conduct

Git-EVTag-v0-SHA512: 0483b1e73940171e16ca41ab7994ae20e7572433a8f4cef276dfdf0685993b4c3bd21a002beb16003a29cf2280aa0394c3d2adaf1255ce1bb128bb2abaa32941
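
The release notes above name three conditions that must all hold for a host to be affected: version 0.4.0, a setuid install, and a kernel that allows unprivileged user namespaces. The following shell check for those conditions is an added example, not part of the tag message or the bubblewrap project; the function names and the overridable sysctl-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the sysctl-root argument are hypothetical.

# Succeeds when unprivileged user namespaces appear to be permitted.
# $1: sysctl tree to read (default /proc/sys; overridable for testing).
userns_enabled() {
    root=${1:-/proc/sys}
    # Upstream limit: 0 means no user namespaces can be created.
    f=$root/user/max_user_namespaces
    if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then return 1; fi
    # Debian/Ubuntu kernel knob: 0 blocks unprivileged creation.
    f=$root/kernel/unprivileged_userns_clone
    if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then return 1; fi
    return 0  # nothing forbids it: assume enabled (conservative)
}

# Prints X.Y.Z from the "bubblewrap X.Y.Z" line of `<binary> --version`.
bwrap_version() {
    "$1" --version 2>/dev/null | awk '$1 == "bubblewrap" { print $2; exit }'
}

# Prints a one-line verdict for the bwrap binary at $1 (sysctl tree in $2).
bwrap_exposure() {
    bin=$1
    ver=$(bwrap_version "$bin")
    if [ -z "$ver" ]; then
        echo "unknown: could not read a version from $bin"
    elif [ "$ver" != "0.4.0" ]; then
        echo "ok: version $ver is not 0.4.0"
    elif [ ! -u "$bin" ]; then
        # -u tests the setuid bit only; confirm root ownership with ls -l.
        echo "ok: 0.4.0 but not installed setuid"
    elif ! userns_enabled "${2:-/proc/sys}"; then
        echo "ok: 0.4.0 setuid, but unprivileged user namespaces are off"
    else
        echo "EXPOSED: 0.4.0, setuid, user namespaces on; upgrade to 0.4.1"
    fi
}

# Run against the installed binary when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    bwrap_exposure "$(command -v bwrap)"
fi
```

A missing sysctl file is treated as "enabled" so that the check errs toward flagging a host rather than clearing it.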