Fix swaylock w/shadow on glibc, improve security

Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:

- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow

swaylock/meson.build

@@ -26,6 +26,9 @@ else
     warning('The swaylock binary must be setuid when compiled without libpam')
     warning('You must do this manually post-install: chmod a+s /path/to/swaylock')
     sources += ['shadow.c']
+    if crypt.found()
+        dependencies += [crypt]
+    endif
 endif
 
 executable('swaylock',