s6/s6-rc compatibility

[Nanderty]

I know I already commented here, but after thinking about it a bit more, I think this is worth it's own issue.
As far as my understanding of Turnstile and s6/s6-rc goes, Turnstile needs two more things to allow s6/s6-rc to elegantly integrate with it:

1. A config setting to allow running the backend as root.
2. A config setting to allow running passing all the env's, e.g. ${USER}, ${XDG_RUNTIME_DIR} also to the "ready" call.
3. (Nice but optional) a config setting to change Turnstile's behavior to do the following:
   Execute (possibly as root) the backend with "run" on first login as it does now, but as a oneshot without supervision.
   Execute (possibly as root, possibly with the env's) the backend with "ready" as usual.
   Execute (possibly as root) the backend with "stop" on last logout as it does now, but without killing anything.

This would allow the following:

• a) Number 2. would allow s6/s6-rc to be used similarly to how the dinit backend works.
• b) Number 1. would allow to delegate all the setup to a s6/s6-rc system service, by having the Turnstile backend just starting and stopping said service.
  Number 3. would allow to implementing b) way more cleanly.

I know Turnstile is supposed to supervise the user service tree, meaning that a) is probably what you intend. But I would argue that giving sysadmins/distro maintainers the choice to also do it in the b) way is a good idea.

[capezotte]

1 and 3 are probably better implemented as a separate PAM module and disabling turnstile's handling of XDG_RUNTIME_DIR.

FWIW, I was able to integrate s6-rc pretty neatly into turnstile without any of these changes; the only clunky part is that the service management layer is effectively a one-shot (s6-rc-init) that must be run after the actual supervisor (s6-svscan/s6-supervise) is ready, but this doesn't require adding more environment variables to the ready call, only some file descriptor wrangling (which the execline language makes easy).