Allow path-bound builtins on restricted shells

If a system administrator prefixes /opt/ast/bin to the path and
then invokes the shell in restricted mode, they clearly intend for
the user to run those AST utilities.

Similarly, if a system administrator sets a PATH for a restricted
shell that includes libraries listed in the .paths file, they must
have intended for the user to use those loadable built-ins, as they
will be associated with the pathnames of their respective
libraries. Since the user cannot change PATH or use the builtin
command, they still cannot load just any built-in they choose.

src/cmd/ksh93/sh/path.c:
- Remove SH_RESTRICTED check when handling path-bound builtins
  or dynamic libaries containining builtins in $PATH.

src/cmd/ksh93/tests/builtins.sh:
- Add test verifying a restricted user can use /opt/ast/bin/cat
  via a PATH search.

Progresses: https://github.com/ksh93/ksh/issues/138

src/cmd/ksh93/tests/builtins.sh

@@ -1156,5 +1156,17 @@ got=$(ulimit -t unlimited; uname -d > /dev/null; uname -o)
 [[ $exp == $got ]] || err_exit "'uname -d' changes the output of 'uname -o'" \
 	"(expected $(printf %q "$exp"), got $(printf %q "$got"))"
 
+# ======
+# Default path-bound builtins should be available to restricted shells if they are in $PATH on invocation
+# https://github.com/ksh93/ksh/issues/138#issuecomment-813886069
+builtin -d cat
+if	[[ $'\n'${ builtin; }$'\n' == *$'\n/opt/ast/bin/cat\n'* ]]
+then	exp='  version         cat (*) ????-??-??'
+	got=$(PATH=/opt/ast/bin:$PATH "$SHELL" -o restricted -c 'cat --version' 2>&1)
+	[[ $got == $exp ]] || err_exit "restricted shells do not recognize path-bound builtins" \
+		"(expected match of $(printf %q "$exp"), got $(printf %q "$got"))"
+else	warning 'skipping path-bound builtin test for restricted shells: builtin /opt/ast/bin/cat not found'
+fi
+
 # ======
 exit $((Errors<125?Errors:125))