So that administrators can more easily know what the problem is with the
rules they are trying to set.
The new sysctl 'security.mac.do.print_parse_error' controls whether
trying to set sysctl 'security.mac.do.rules' with invalid rules triggers
printing of the error on the system console.
Setting jail parameters directlty reports an error to the calling
process thanks to the VFS options mechanism used by the jail machinery,
so is not controlled by the new sysctl setting.
Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47617
87c06b7d02