This is a harvester proposal.  Current versions of `dhcpcd` support building with privilege separation, so that the executable produced can run happily as an unprivileged user.  We nominally have support for it in our ebuild with the `privsep` flag.  The maintainer of `dhcpcd` has stated that at some point in the future, privsep will become the default and eventually only option (https://github.com/NetworkConfiguration/dhcpcd/discussions/279).

The Linux From Scratch notes about it here: https://www.linuxfromscratch.org/blfs/view/svn/basicnet/dhcpcd.html describe what the additional footprint needed on the system (just a `dhcpcd` user and group).

I propose that we turn on the `privsep` flag by default in `harvester` and see what happens...