core: check fs type of BPFProgram= property path

Tests:

```
% stat --file-system --format="%T" /root/bpf/trivial/
bpf_fs

% systemd-nspawn -D/ --volatile=yes \
--property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \
--quiet -- ping -c 5 -W 1 ::1
PING ::1(::1) 56 data bytes

--- ::1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4110ms
```

```
% stat --file-system --format='%T' /root/meh
btrfs

% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh
--quiet -- ping -c 5 -W 1 ::1
```
sudo ./build/systemd-nspawn \
-D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \
ping -c 1 -W 1 ::1
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms

--- ::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms

1 files changed, 10 insertions, 0 deletions

diff --git a/src/core/bpf-foreign.c b/src/core/bpf-foreign.c
index 686c14ce1f..8538792b60 100644
--- a/src/core/bpf-foreign.c
+++ b/src/core/bpf-foreign.c
@@ -4,8 +4,10 @@
 #include "bpf-program.h"
 #include "cgroup.h"
 #include "memory-util.h"
+#include "missing_magic.h"
 #include "mountpoint-util.h"
 #include "set.h"
+#include "stat-util.h"
 
 typedef struct BPFForeignKey BPFForeignKey;
 struct BPFForeignKey {
@@ -84,6 +86,14 @@ static int bpf_foreign_prepare(
         assert(u);
         assert(bpffs_path);
 
+        r = path_is_fs_type(bpffs_path, BPF_FS_MAGIC);
+        if (r < 0)
+                return log_unit_error_errno(u, r,
+                                "Failed to determine filesystem type of %s: %m", bpffs_path);
+        if (r == 0)
+                return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
+                                "Path in BPF filesystem is expected.");
+
         r = bpf_program_new_from_bpffs_path(bpffs_path, &prog);
         if (r < 0)
                 return log_unit_error_errno(u, r, "Failed to create foreign BPFProgram: %m");