Overview

Request 395103 superseded

Update to shadow-4.2.1 to properly add newuidmap/newgidmap support

Currently it is not possible to handle subuid/subgid allocation in a standard
way since Tumbleweed and friends lack a proper shadow version which includes
the newuidmap/newgidmap executables. This commit updates shadow to version
4.2.1 which includes both those tools. Both executables require either the
setuid bit set or file caps but /etc/permissions and /etc/permissions.*
currently do not contain entries for newuidmap/newgidmap. This causes rpmlint
to spew errors and abort the build. This is currently handled by resorting to
the hack of adding package-specific permission files to /etc/permissions.d.
This should not be necessary once this is handled by placing the appropriate
permissions in /etc/permissions and /etc/permissions.*.

As unprivileged users cannot assign any subuids to a user namespace (only their
own current uid) they are not able to easily run user namespaced containers
with tools that rely on the presence of newuidmap/newgidmap. Even with the
files /etc/subuid and /etc/subgid present this is not always possible since
they are not read by the kernel itself. They only serve newuidmap/newgidmap.

When a user is assigned subuids/subgids a full range of 65536 subuids/subgids
is handed out. This is the POSIX compliant way and enables users to e.g. run
not just application but also system containers.

- use sequential numbering for patches
- Patch 0004-chkname-regex.patch
  - Call regfree() to avoid memory leak
- Add fixes from Red Hat/Fedora:
  - 0013-shadow-4.1.5.1-audit-owner.patch.patch:
    - log owner changes for home directory
  - 0014-shadow-4.1.5.1-userdel-helpfix.patch.patch:
    - give a hint about what happens when you force the removal of a user
  - 0015-shadow-4.2.1-defs-chroot.patch.patch:
    - initialize uid_t uid_min and uid_t uid_max not before we need them
  - 0016-shadow-4.2.1-merge-group.patch.patch:
    - simplify by using a single call to snprintf()
- Add upstream fix
  - 0017-Fix-user-busy-errors-at-userdel.patch
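Added illustration of the point the description makes about /etc/subuid and /etc/subgid (this is not code from the request or from the shadow package): because the kernel never reads those files and the setuid/file-capable newuidmap/newgidmap hand out exactly what is listed, reviewing the entries is where a short allocation or two accounts sharing subordinate ids gets caught. The `owner:start:count` line format and the 65536 figure come from the description; the sample entries are constructed.

```python
"""Audit /etc/subuid-style entries for full, non-overlapping ranges."""
from typing import Dict, List, Tuple

FULL_RANGE = 65536  # one full range per user, as the request describes

# Constructed sample input, not a real system file.
SAMPLE_SUBUID = """\
alice:100000:65536
bob:165536:65536
# comment line
carol:200000:1000
dave:230000:65536
"""


def parse_subid(text: str) -> List[Tuple[str, int, int]]:
    """Return (owner, start, count) tuples, skipping blanks and comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected owner:start:count, got {raw!r}")
        owner, start, count = parts[0], int(parts[1]), int(parts[2])
        if start < 0 or count <= 0:
            raise ValueError(f"line {lineno}: invalid range {start}:{count}")
        entries.append((owner, start, count))
    return entries


def audit_subid(text: str) -> Dict[str, List[str]]:
    """Map owner -> findings (short range, overlap); empty dict means clean."""
    findings: Dict[str, List[str]] = {}
    entries = parse_subid(text)
    for owner, start, count in entries:
        if count < FULL_RANGE:
            findings.setdefault(owner, []).append(f"only {count} ids, expected {FULL_RANGE}")
    # Sort by start and track the furthest end seen so far (exclusive), so an
    # overlap with any earlier range is caught, not just with the neighbour.
    prev_owner, prev_end = "", -1
    for owner, start, count in sorted(entries, key=lambda e: e[1]):
        if start < prev_end:
            findings.setdefault(owner, []).append(
                f"range {start}-{start + count - 1} overlaps {prev_owner}'s range ending at {prev_end - 1}")
        if start + count > prev_end:
            prev_owner, prev_end = owner, start + count
    return findings


if __name__ == "__main__":
    for owner, problems in audit_subid(SAMPLE_SUBUID).items():
        print(f"{owner}: " + "; ".join(problems))
```

The same parser applies unchanged to /etc/subgid, which uses the identical line format.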

Request History

chbrauner created request
