Allow polkit-agent-helper-1 read logind sessions files
This permission is required to open and read files in /run/systemd/sessions
when the user is mapped to a confined SELinux user.

The following AVC denial is addressed:

type=PROCTITLE msg=audit(8.3.2021 19:34:41.769:1086) :
proctitle=/usr/lib/polkit-1/polkit-agent-helper-1 user
type=PATH msg=audit(8.3.2021 19:34:41.769:1086) : item=0
name=/run/systemd/sessions/2 inode=1964 dev=00:1a mode=file,644 ouid=root
ogid=root rdev=00:00 obj=system_u:object_r:systemd_logind_sessions_t:s0
nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(8.3.2021 19:34:41.769:1086) : cwd=/home/user
type=SYSCALL msg=audit(8.3.2021 19:34:41.769:1086) : arch=x86_64 syscall=openat
success=yes exit=3 a0=0xffffff9c a1=0x55be759ef6a0 a2=O_RDONLY|O_CLOEXEC a3=0x0
items=1 ppid=1883 pid=43807 auid=user uid=user gid=user euid=root suid=root
fsuid=root egid=user sgid=user fsgid=user tty=(none) ses=2 comm=polkit-agent-he
exe=/usr/lib/polkit-1/polkit-agent-helper-1
subj=staff_u:staff_r:policykit_auth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(8.3.2021 19:34:41.769:1086) : avc:  denied  { open }
for  pid=43807 comm=polkit-agent-he path=/run/systemd/sessions/2 dev="tmpfs"
ino=1964 scontext=staff_u:staff_r:policykit_auth_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1
type=AVC msg=audit(8.3.2021 19:34:41.769:1086) : avc:  denied  { read }
for  pid=43807 comm=polkit-agent-he name=2 dev="tmpfs" ino=1964
scontext=staff_u:staff_r:policykit_auth_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1
zpytela committed Mar 10, 2021
1 parent 973a68d commit e3da923
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions policy/modules/contrib/policykit.te
Expand Up @@ -99,6 +99,7 @@ systemd_login_watch_pid_dirs(policykit_t)
systemd_login_watch_session_dirs(policykit_t)
systemd_machined_read_pid_files(policykit_t)
systemd_machined_watch_pid_dirs(policykit_t)
systemd_read_logind_sessions_files(policykit_t)

userdom_getattr_all_users(policykit_t)
userdom_read_all_users_state(policykit_t)
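Review bot: the domain granted in this hunk does not match the domain in the denial. The AVC quoted in the commit message has `scontext=staff_u:staff_r:policykit_auth_t:s0-s0:c0.c1023` with `exe=/usr/lib/polkit-1/polkit-agent-helper-1`, i.e. the helper runs in `policykit_auth_t`, while the added line `systemd_read_logind_sessions_files(policykit_t)` only extends `policykit_t`. If the helper really runs as `policykit_auth_t` on an affected system, this change leaves the `{ open }` and `{ read }` denials on `systemd_logind_sessions_t` files in place, and since the quoted AVC was recorded with `permissive=1`, an enforcing host would still fail the call. Either add `systemd_read_logind_sessions_files(policykit_auth_t)` in the `policykit_auth_t` section of policykit.te (and keep this line only if `policykit_t` itself needs it), or note in the commit message why `policykit_t` is the intended domain.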