Replace send_sig and force_sig in __do_SAK with group_send_sig_info
the general helper for sending a signal to a process group.  This is
wordier but it allows specifying PIDTYPE_SID so that the signal code
knows the signal went to a session.

Both force_sig() and send_sig(..., 1) specify SEND_SIG_PRIV and the
new call of group_send_sig_info does that explicitly.  This is enough
to ensure even a pid namespace init is killed.

The global init remains unkillable.  The guarantee that __do_SAK tries
to provide is a clean path to login to a machine.  As the global init is
unkillable, if it chooses to hold open a tty it can violate this
guarantee.  A technique other than killing processes would be needed
to provide this guarantee to userspace.

The only difference between force_sig and send_sig when sending
SIGKILL is that SIGNAL_UNKILLABLE is cleared.  This has no affect on
the processing of a signal sent with SEND_SIG_PRIV by any process, making
it unnecessary, and not behavior that needs to be preserved.

force_sig was used originally because it did not take as many locks as
send_sig.  Today send_sig, force_sig and group_send_sig_info take the
same locks when delivering a signal.

group_send_sig_info also contains a permission check that force_sig
and send_sig do not.  However the presence of SEND_SIG_PRIV makes the
permission check a noop.  So the permission check does not result
in any behavioral differences.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>