[system-probe] Update seccomp profile and capabilities for system probe

[xornivore]

What does this PR do?

Updates the seccomp profile with missing syscalls and adds NET_BROADCAST capability for the system probe.

This closely matches what we have currently in the helm chart.

Motivation

With the latest Agent image 7.22.0 the system probe fails start due to missing calls in the seccomp profile.

2020-08-27 20:39:33 UTC | SYS-PROBE | ERROR | (cmd/system-probe/loader.go:39 in Register) | new module `network_tracer` error: %!w(*errors.errorString=&{error guessing offsets: could not load bpf module for offset guessing: read /opt/datadog-agent/embedded/share/system-probe/ebpf/offset-guess.o: operation not permitted})

Additional Notes

Anything else we should know when reviewing?

[github-actions]

This pull request contains a valid label.

[github-actions]

This pull request contains a valid label.

[github-actions]

This pull request contains a valid label.

[codecov-commenter]

Codecov Report

Merging #140 into master will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master     #140   +/-   ##
=======================================
  Coverage   58.02%   58.02%           
=======================================
  Files          31       31           
  Lines        4610     4610           
=======================================
  Hits         2675     2675           
  Misses       1739     1739           
  Partials      196      196           

Flag	Coverage Δ
#unittests	58.02% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/controller/datadogagent/systemprobe.go	100.00% <ø> (ø)
pkg/controller/datadogagent/utils.go	83.16% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3b8bf72...411c041. Read the comment docs.