feat(profile): initial integration with attached path.

The feature is not yet enabled.

See https://apparmor.pujol.io/development/internal/#re-attached-path

apparmor.d/profiles-a-f/flatpak-portal

@@ -31,8 +31,8 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) {
 
   /var/lib/flatpak/exports/share/mime/mime.cache r,
 
-  / r,
-  /.flatpak-info r,
+  owner @{att}/ r,
+  owner @{att}/.flatpak-info r,
 
   owner @{HOME}/.var/app/*/**/.ref rw,
   owner @{HOME}/.var/app/*/**/logs/* rw,

apparmor.d/profiles-a-f/foliate

@@ -40,7 +40,7 @@ profile foliate @{exec_path} flags=(attach_disconnected) {
   /usr/share/com.github.johnfactotum.Foliate/{,**} r,
 
   owner /bindfile@{rand6} rw,
-  owner /.flatpak-info r,
+  owner @{att}/.flatpak-info r,
 
   owner @{user_books_dirs}/{,**} r,
   owner @{user_torrents_dirs}/{,**} r,

apparmor.d/profiles-a-f/fprintd

@@ -27,8 +27,9 @@ profile fprintd @{exec_path} flags=(attach_disconnected) {
 
   /var/lib/fprint/{,**} rw,
 
+  @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
+
   @{run}/systemd/journal/socket rw,
-  @{run}/systemd/inhibit/@{int}.ref rw,
   @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511
 
   @{sys}/class/hidraw/ r,

apparmor.d/profiles-a-f/fwupd

@@ -94,11 +94,12 @@ profile fwupd @{exec_path} flags=(attach_disconnected,complain) {
   @{sys}/kernel/security/tpm[0-9]/binary_bios_measurements r,
   @{sys}/power/mem_sleep r,
 
+  @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
+
   @{run}/motd.d/ r,
   @{run}/motd.d/@{int}-fwupd* rw,
   @{run}/motd.d/fwupd/{,**} rw,
   @{run}/mount/utab r,
-  @{run}/systemd/inhibit/@{int}.ref rw,
   @{run}/udev/data/* r,
 
   @{PROC}/@{pids}/fd/ r,