Expose --enable-sandbox command-line switch.

When `--enable-sandbox` is passed, electron will use chromium sandbox to spawn
all renderers, and every new BrowserWindow will automatically have "sandboxed"
passed as a web preference(since the renderer would not work properly
otherwise).

atom/app/atom_main_delegate.cc

@@ -122,8 +122,14 @@ void AtomMainDelegate::PreSandboxStartup() {
   if (!IsBrowserProcess(command_line))
     return;
 
-  // Disable renderer sandbox for most of node's functions.
-  command_line->AppendSwitch(::switches::kNoSandbox);
+  if (command_line->HasSwitch(switches::kEnableSandbox)) {
+    // Disable setuid sandbox since it is not longer required on linux(namespace
+    // sandbox is available on most distros).
+    command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
+  } else {
+    // Disable renderer sandbox for most of node's functions.
+    command_line->AppendSwitch(::switches::kNoSandbox);
+  }
 
   // Allow file:// URIs to read other file:// URIs by default.
   command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles);

atom/browser/atom_browser_client.cc

@@ -232,6 +232,7 @@ void AtomBrowserClient::AppendExtraCommandLineSwitches(
   // Copy following switches to child process.
   static const char* const kCommonSwitchNames[] = {
     switches::kStandardSchemes,
+    switches::kEnableSandbox
   };
   command_line->CopySwitchesFrom(
       *base::CommandLine::ForCurrentProcess(),