Launch CEF without elevation even when KernelProcess is elevated

[planetchili]

Some usage scenarios involving injection might require ipm to be launch as administrator, but even in such cases we would like to avoid running the CEF child process subtree elevated. Should be possible to adjust the token integrity to a lower level, but in order to do this with boost::process we will need to switch to the V2 API. Look into integrity level SID values instead of using explorer.exe to derive the desired token.