Skip setting xattrs when running as non-root

To fix:
```
ERRO[0022] field "Layers[10]": failed to load layer (input-0): failed to setxattr "/tmp/r/93992c935cd0c3a219bf8a33e3c4fdd8bff42d4fd51a0067edcc68dc8596935b/diff/input-0/layers-10/usr/bin/newgidmap"
for key "security.capability": operation not permitted
```

Signed-off-by: Akihiro Suda <[email protected]>

Author: AkihiroSuda

pkg/diff/diff.go

@@ -10,6 +10,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"runtime"
 	"slices"
 	"sort"
 	"strconv"
@@ -700,6 +701,21 @@ func (d *differ) loadLayer(ctx context.Context, node *EventTreeNode, inputIdx in
 			hdr.Name = strings.TrimPrefix(hdr.Name, "/")
 			hdr.Name = strings.TrimPrefix(hdr.Name, "./")
 		}
+		if os.Geteuid() != 0 && runtime.GOOS == "linux" {
+			//nolint:staticcheck // SA1019: hdr.Xattrs has been deprecated since Go 1.10: Use PAXRecords instead.
+			for k := range hdr.Xattrs {
+				if strings.HasPrefix(k, "security.") {
+					log.G(ctx).Debugf("Ignoring xattr %q", k)
+					delete(hdr.Xattrs, k)
+				}
+			}
+			for k := range hdr.PAXRecords {
+				if strings.HasPrefix(k, "SCHILY.xattr.security.") {
+					log.G(ctx).Debugf("Ignoring PAX record %q", k)
+					delete(hdr.PAXRecords, k)
+				}
+			}
+		}
 		res.entries++
 		ent := &TarEntry{
 			Index:  i,