Fix race condition with getgrouplist().
If the second call to getgrouplist() found additional groups, ngroups will be overwritten with this new larger value, while the gids list would be truncated. (ngroups is a value-result arg.) This will then lead to _gids_cache_lookup() returning the wrong number of groups, including invalid parts of memory, which are likely to include some zeros. Those zeros could then make it to the setgroups() call and thus give the user access to the root group, especially as setgroups() will succeed as long as the array does not contain -1 as a gid. Bug 3320.