feat(profiles): use /etc read only variable: etc_ro

apparmor.d/profiles-s-z/sddm

@@ -139,12 +139,12 @@ profile sddm @{exec_path} {
 
   /{usr/,}lib/@{multiarch}/ld-*.so mr,
 
-  /etc/security/limits.d/ r,
+  @{etc_ro}/security/limits.d/ r,
 
   owner @{HOME}/.Xauthority rw,
 
   /etc/default/locale r,
-  /etc/environment r,
+  @{etc_ro}/environment r,
 
   owner @{PROC}/@{pid}/loginuid rw,
   owner @{PROC}/@{pid}/mounts r,

apparmor.d/profiles-s-z/su

@@ -48,8 +48,8 @@ profile su @{exec_path} {
   /{usr/,}{s,}bin/nologin   rPx,
 
   /etc/default/locale r,
-  /etc/environment r,
-  /etc/security/limits.d/ r,
+  @{etc_ro}/environment r,
+  @{etc_ro}/security/limits.d/ r,
   /etc/shells r,
 
   owner @{PROC}/@{pids}/loginuid r,

apparmor.d/profiles-s-z/sudo

@@ -54,10 +54,10 @@ profile sudo @{exec_path} {
   /{usr/,}lib/cockpit/cockpit-askpass  rPx,
   /{usr/,}lib/molly-guard/molly-guard  rPx,
 
+  @{etc_ro}/environment r,
+  @{etc_ro}/security/limits.d/{,*} r,
   /etc/default/locale r,
-  /etc/environment r,
   /etc/machine-id r,
-  /etc/security/limits.d/{,*} r,
   /etc/sudo.conf r,
   /etc/sudoers r,
   /etc/sudoers.d/{,*} r,