feat(profiles): use /etc read only variable: etc_ro

apparmor.d/profiles-g-l/lightdm

@@ -96,14 +96,14 @@ profile lightdm @{exec_path} {
   @{run}/lightdm.pid rw,
 
   @{PROC}/1/limits r,
-  /etc/security/limits.d/ r,
+  @{etc_ro}/security/limits.d/ r,
 
   owner @{PROC}/@{pid}/uid_map r,
   owner @{PROC}/@{pid}/loginuid rw,
   owner @{PROC}/@{pid}/fd/ r,
         @{PROC}/cmdline r,
 
-  /etc/environment r,
+  @{etc_ro}/environment r,
   /etc/default/locale r,
 
   /dev/tty[0-9]* r,

apparmor.d/profiles-g-l/login

@@ -37,12 +37,12 @@ profile login @{exec_path} flags=(complain) {
   /{usr/,}bin/{,z,ba,da}sh  rUx,
 
   /etc/default/locale r,
-  /etc/environment r,
+  @{etc_ro}/environment r,
   /etc/legal r,
   /etc/motd r,
   /etc/security/group.conf r,
   /etc/security/limits.conf r,
-  /etc/security/limits.d/{,*} r,
+  @{etc_ro}/security/limits.d/{,*} r,
   /etc/security/pam_env.conf r,
   /etc/shells r,