This patch adds support for pam-kwallet (in my scratch right now, to be released soon).

This is how the new pam works, and why this patch is needed:

In order to open the wallet in a secure way we have to try hard to not send the hash on an 
insecure manner. This is how we achieve that:

-pam_kwallet creates a pipe.
-pam_kwallet opens a local socket listening somewhere (/tmp/foo.socket for example).
-pam_kwallet forks+execv kwallet, passing via arguments the sockets (pipe and local socket).
-pam_kwallet sends the hash via the pipe.
-kwalletd gets the hash and waits for the environment.
-startkde uses "socat" to send the environment to kwalletd.
-kwalletd setups the environment before any Qt code is executed.
-kwalletd resumes execution.

With this way of executing kwallet we get:
-pam_kwallet knows to who it is sending the hash (its on child).
-hash is never revealed on shared memory (dbus), since pipes are private to the apps.
-ptrace is usually disabled so only root can see the hash on the app memory
-no Qt code is executed without the proper environment (same as startkde)
-if kwalletd is executed normally (not from pam_kwallet) then it is business as usual.

The patch also comes with integration tests that simulate how kwalletd is executed in the pam module.

For the release team, I would love to add this to 4.13, after all it is innocuous if kwalletd is not executed via pam_module.