sandbox: enforce rlimit restrictions before connect

Basic pre-connect sandbox: disable the ability for the xmppipe process
to fork.

src/xmppipe_sandbox_rlimit.c

@@ -21,6 +21,13 @@
     int
 xmppipe_sandbox_init(xmppipe_state_t *state)
 {
+    struct rlimit rl_zero = {0};
+
+#ifdef RLIMIT_NPROC
+    if (setrlimit(RLIMIT_NPROC, &rl_zero) < 0)
+        return -1;
+#endif
+
     return 0;
 }