Added some benchmarking code (but not clean, will not publish unless deemed required).
fso: /bin/ | benchmark: 00:00:01
fso: /usr/bin/ | benchmark: 00:00:05
fso: /sbin/ | benchmark: 00:00:00
fso: /usr/sbin/ | benchmark: 00:00:01
fso: /lib/ | benchmark: 00:00:57
fso: /lib32/ | benchmark: 00:00:00
fso: /lib64/ | benchmark: 00:00:00
fso: /usr/lib/ | benchmark: 00:02:01
fso: /usr/lib32/ | benchmark: 00:00:00
Parsing /lib/ and /usr/lib/ takes by far most of the time.
Fortunately /lib does not have any suid binaries by default on my system.
Maybe we can mount /lib as nodev,nosuid. As per Kurt Seifried - LASG / Installation we can. Then we could remove /lib from permission hardening config and save 1 minute.
Parsing /usr/lib though seems important.
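
Added example, not part of the original post and not the project's benchmarking or hardening code: one way to check, per directory, whether any SUID/SGID files exist and whether the containing filesystem is already mounted nosuid,nodev before dropping it from the hardening config. The function names are hypothetical, and `findmnt` (util-linux) is assumed to be installed for the mount-option lookup.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the hardening script.

# Print the number of regular files under directory $1 that carry the SUID or
# SGID bit. -xdev keeps find on the one filesystem that would be remounted.
count_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        wc -l | tr -d ' '
}

# Succeed only if the comma-separated mount option string $1 contains both
# nosuid and nodev.
has_nosuid_nodev() {
    case ",$1," in *,nosuid,*) ;; *) return 1 ;; esac
    case ",$1," in *,nodev,*) ;; *) return 1 ;; esac
}

# For each directory argument, report the SUID/SGID count and a verdict.
audit() {
    for dir in "$@"; do
        n=$(count_setid "$dir")
        # Options of the filesystem that contains $dir; "unknown" if lookup fails.
        opts=$(findmnt -n -o OPTIONS -T "$dir" 2>/dev/null) || opts=unknown
        if has_nosuid_nodev "$opts"; then
            verdict="already mounted nosuid,nodev"
        elif [ "$n" -eq 0 ]; then
            verdict="no SUID/SGID files, candidate for nosuid,nodev"
        else
            verdict="keep in permission hardening config"
        fi
        printf 'fso: %s | setid files: %s | %s\n' "$dir" "$n" "$verdict"
    done
}

# Example invocation: sh audit.sh /lib/ /usr/lib/
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Pass paths with a trailing slash, as in the benchmark output, so that a /lib that is a symlink (merged-/usr layouts) is traversed rather than skipped.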