Draft: First cut at a fs-mistrust crate.

This crate is meant to solve #315 (closed) by giving a way to make sure that a file or directory is only accessible by trusted users. I've tried to explain carefully (in comments and documentation) what this crate is doing and why, under the assumption that it will someday be read by another person like me who does not live and breathe unix file permissions. The crate is still missing some key features, noted in the TODO section.

Before I move ahead with this, I'm going to solicit feedback on the API and general architecture. (No need for detailed review yet.)