Bug #7541
Status: open
`run-as` config option in Suricata removes capabilities needed for loading `ebpf` programs
Description
While using `suricata` (version 7.0.8) with `ebpf` in an `lxc` container and running it with this config:
```yaml
run-as:
  user: XXX
  group: XXX
```
Using `strace`, we realised that some Suricata code was dropping Linux capabilities. On further investigation, we realised that the function `SCDropMainThreadCaps` drops capabilities if `sc_set_caps == TRUE`, which is TRUE if we enter here:
```c
/* Suricata config handling: run-as.user / run-as.group set the flags that,
 * per the report above, later make SCDropMainThreadCaps drop capabilities. */
if (ConfGet("run-as.user", &id) == 1) {
    suri->do_setuid = TRUE;
    suri->user_name = id;
}
if (ConfGet("run-as.group", &id) == 1) {
    suri->do_setgid = TRUE;
    suri->group_name = id;
}
```
I think there is a missing clause in `SCDropMainThreadCaps` to check if `suricata.yaml` uses XDP/eBPF to do something like the diff I linked.
I think a good fix (not what I did) would be adding capabilities iff we have `xdp-filter-file` or `ebpf-filter-file` on.
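As an added pre-flight check (written for this page, not part of the report or of Suricata): a Python lint that flags a suricata.yaml combining `run-as` with an active `xdp-filter-file` or `ebpf-filter-file`, the combination this report says drops the capabilities eBPF loading needs. It scans lines directly instead of using a YAML library, so it ignores commented-out keys but assumes the stock two-space layout; the config excerpt and file paths are constructed samples.

```python
import re
# Constructed suricata.yaml excerpt (a sample for this check, not a real deployment file).
SAMPLE_CONFIG = """\
af-packet:
  - interface: eth0
    #xdp-filter-file: /usr/libexec/suricata/ebpf/xdp_filter.bpf
    ebpf-filter-file: /usr/libexec/suricata/ebpf/vlan_filter.bpf

run-as:
  user: suri
  group: suri
"""
BPF_KEYS = ("xdp-filter-file", "ebpf-filter-file")

def strip_comment(line):
    """Remove a YAML comment: '#' at line start or after whitespace."""
    return re.sub(r"(^|\s)#.*$", "", line)

def parse_run_as(text):
    """Return (user, group) from the top-level run-as block; None where unset."""
    found, in_block = {}, False
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue
        if len(line) == len(line.lstrip()):  # unindented line starts a new top-level key
            in_block = line.strip() == "run-as:"
            continue
        key, _, val = line.strip().partition(":")
        if in_block and key in ("user", "group") and val.strip():
            found[key] = val.strip()
    return found.get("user"), found.get("group")

def bpf_filter_files(text):
    """Active (uncommented) xdp/ebpf filter entries anywhere in the file, as (key, path)."""
    found = []
    for raw in text.splitlines():
        key, sep, val = strip_comment(raw).strip().lstrip("- ").partition(":")
        if sep and key.strip() in BPF_KEYS and val.strip():
            found.append((key.strip(), val.strip()))
    return found

def check_run_as_with_bpf(text):
    """Flag the combination this report describes: run-as configured AND a BPF filter in use."""
    user, group = parse_run_as(text)
    files = bpf_filter_files(text)
    drops_caps = user is not None or group is not None  # what sets do_setuid/do_setgid
    return {"drops_caps": drops_caps, "bpf_files": files, "affected": drops_caps and bool(files)}
```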