security: update security manager to hold capabilities in generic way

In order to properly manipulate all capabilities, all kernel object should hold a 'capa' field that store the object's corresponding capabiliti(es). 
Any access requiring a capability should be checked by a simple `mgr_security_capa_matches(task_capa, object_capa)`, making capability management easy and unified in the overall kernel.