feat(profiles): general update.

apparmor.d/profiles-g-l/git

@@ -33,10 +33,13 @@ profile git @{exec_path} {
   # the most similar commands, which it thinks can be used instead. Git binaries are all under
   # /usr/bin/ , so allow only this location.
   @{bin}/ r,
-  deny /{usr/,}sbin/ r,
-  deny /usr/local/{s,}bin/ r,
+  deny @{bin}/*/ r,
   deny /usr/games/ r,
+  deny /usr/local/{s,}bin/ r,
   deny /usr/local/games/ r,
+  deny /var/lib/flatpak/exports/bin/ r,
+  deny owner @{HOME}/.go/bin/ r,
+  deny owner @{user_bin_dirs}/ r,
 
   # These are needed for "git submodule update"
   @{bin}/{,ba,da}sh  rix,
@@ -97,7 +100,7 @@ profile git @{exec_path} {
   owner /tmp/* rw,
   owner /tmp/tmp*/ rw,                       # For TWRP-device-tree-generator
   owner /tmp/tmp*/** rwkl -> /tmp/tmp*/**,
-  owner /tmp/.git_vtag_tmp* rw,              # For git log --show-signature
+  owner /tmp/.git_vtag_tmp@{rand6} rw,       # For git log --show-signature
   owner /tmp/git-commit-msg-.txt rw,         # For android studio
 
   deny @{user_share_dirs}/gvfs-metadata/* r,
@@ -112,7 +115,7 @@ profile git @{exec_path} {
     owner @{HOME}/@{XDG_GPG_DIR}/ rw,
     owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
 
-    owner /tmp/.git_vtag_tmp* r,
+    owner /tmp/.git_vtag_tmp@{rand6} r,
 
     deny @{user_share_dirs}/gvfs-metadata/* r,