feat(profile): use the new @{tmp} variable.

It is only used with the owner statement.

apparmor.d/groups/virt/containerd

@@ -88,7 +88,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 
         /tmp/cri-containerd.apparmor.d@{int} rwl,
         /tmp/ctd-volume@{int}/{,**} rw,
-  owner /tmp/** rwkl,
+  owner @{tmp}/** rwkl,
   owner /var/tmp/** rwkl,
 
   @{sys}/fs/cgroup/kubepods/** r,

apparmor.d/groups/virt/k3s

@@ -98,7 +98,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) {
   @{run}/xtables.lock rwk,
 
   owner /var/tmp/** rwkl,
-  owner /tmp/** rwkl,
+  owner @{tmp}/** rwkl,
 
   owner @{PROC}/@{pids}/cgroup r,
   owner @{PROC}/@{pids}/cpuset r,