This application (veriexecctl) handles reading a fingerprints file

This application (veriexecctl) handles reading a fingerprints file
containing paths, fingerprints, and optional option flags which in turn
get pushed into the MAC/veriexec meta-data store via the veriexec device.

The format of the fingerprints file is as follows:
path type fingerprint options

The type of fingerprint supported depends on what MAC/veriexec fingerprint
modules have been loaded into the system. The veriexecctl application is
able to determine which ones are available by consulting the
security.mac.veriexec.algorithms sysctl.

The following options are currently supported in MAC/veriexec and by the
veriexecctl application:

indirect
  If this option is set then the executable cannot be invoked directly, it
  can only be used as an interpreter in shell scripts.
file
  Indicates that the fingerprint is associated with a file, not an
  executable. Files have their fingerprints verified during open(2) and are
  automatically made read only. This option may be used to verify shared
  libraries have not been tampered with.
no_ptrace
  If this option is set then the executable cannot be traced with the
  ptrace(2) process tracing and debugging call.
trusted
  If this option is set then the executable is allowed to write to the
  mem(4) devices. By default, when verified execution is enforced, no
  process is allowed to write to the mem(4) devices.

The options are not case sensitive.

Reviewed by:	jtl, wblock
Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D8575