
ci: temporarily disable seccomp for Docker containers #244

Closed

Conversation

mrc0mmand
Contributor

Current Docker version on Ubuntu 20.04 used by GH Actions suffers from
an incompatibility with newer glibc [0] used by Fedora Rawhide, causing
Rawhide containers in CI to fail with:

```
Errors during downloading metadata for repository 'fedora-cisco-openh264':
  - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-rawhide&arch=x86_64 [getaddrinfo() thread failed to start]
```

glibc 2.34 and later tries to use the clone3 syscall (for
hardware-assisted security hardening on x86_64), and falls back to clone2
on ENOSYS. However, with the current seccomp profile Docker returns EPERM
instead, which is considered a "hard" fail.

A fix [1] has been merged upstream, but until then let's run the CI Docker
containers without any seccomp profiles to allow Rawhide jobs to do their job.
(I tried to disable seccomp only for the Rawhide jobs, but I couldn't procure
any solution which wouldn't make my eyes bleed...)

[0] moby/moby#42680
[1] moby/moby#42681

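
The ENOSYS-versus-EPERM distinction in the description is easy to reproduce without Docker. The program below is an added example, not code from this PR, from Docker or from glibc: it installs a small seccomp-BPF filter (no libseccomp) that answers clone3 with a chosen errno, then runs a probe that applies the same decision rule glibc 2.34 uses when it tries clone3 first: ENOSYS means "fall back to the older clone syscall", any other error (EPERM from the old Docker profile) is treated as a hard failure. The function names (`deny_clone3_with`, `probe_clone3`, `verdict_under_filter`) are made up for the example; it assumes Linux on x86_64 or aarch64 and defines the clone3 syscall number itself (435) only if the headers lack it.

```c
/* Added example (not from the PR, Docker or glibc): a seccomp-BPF filter that
 * answers clone3 with a chosen errno, plus a probe that applies glibc's
 * >= 2.34 decision rule: ENOSYS -> fall back to clone, anything else -> fail. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_clone3
#define SYS_clone3 435            /* assumption: headers predate clone3 */
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif
#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Install a filter for the calling thread: kill on a foreign ABI (a filter
 * without this check can be sidestepped through another syscall table),
 * answer clone3 with `err`, allow every other syscall. */
static int deny_clone3_with(int err)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_clone3, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (err & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* glibc-style probe. A size of 0 makes a reachable clone3 fail with EINVAL
 * without creating anything, so errno reports what the kernel (or the seccomp
 * filter in front of it) thinks of the syscall. */
static const char *probe_clone3(void)
{
    if (syscall(SYS_clone3, NULL, (size_t)0) == -1) {
        switch (errno) {
        case EINVAL: return "clone3 reachable";
        case ENOSYS: return "fallback to clone";
        default:     return "hard failure";      /* EPERM lands here */
        }
    }
    return "clone3 reachable";
}

/* Run the probe in a forked child under a filter that returns `err` for
 * clone3, so each experiment gets a fresh process; the verdict comes back
 * through a pipe. */
static const char *verdict_under_filter(int err)
{
    static char verdict[64];
    int fds[2];
    pid_t pid;

    if (pipe(fds) != 0)
        return "pipe failed";
    pid = fork();
    if (pid < 0)
        return "fork failed";
    if (pid == 0) {
        const char *v = deny_clone3_with(err) == 0 ? probe_clone3()
                                                   : "filter install failed";
        close(fds[0]);
        if (write(fds[1], v, strlen(v)) < 0)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], verdict, sizeof verdict - 1);
    verdict[n > 0 ? n : 0] = '\0';
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return verdict;
}

int main(void)
{
    printf("no extra filter : %s\n", probe_clone3());
    printf("ENOSYS on clone3: %s\n", verdict_under_filter(ENOSYS));  /* fallback to clone */
    printf("EPERM on clone3 : %s\n", verdict_under_filter(EPERM));   /* hard failure */
    return 0;
}
```

The first line of output depends on the kernel and on any profile the host already applies to the process, which is exactly the situation the Rawhide container was in; the other two show that a profile answering clone3 with ENOSYS keeps the fallback alive while EPERM kills it. The PR's workaround of running without a seccomp profile corresponds to `--security-opt seccomp=unconfined`, which drops the whole profile rather than only changing the clone3 verdict.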
@mrc0mmand
Contributor Author

Also, when testing this change, Valgrind on Rawhide complains about a memory leak:

```
==658== 
==658== HEAP SUMMARY:
==658==     in use at exit: 2,205,588 bytes in 20,899 blocks
==658==   total heap usage: 130,961 allocs, 110,062 frees, 17,179,470 bytes allocated
==658== 
==658== 32 bytes in 1 blocks are definitely lost in loss record 1,188 of 2,139
==658==    at 0x484086F: malloc (vg_replace_malloc.c:380)
==658==    by 0x401601B: UnknownInlinedFun (rtld-malloc.h:56)
==658==    by 0x401601B: _dl_close_worker (dl-close.c:406)
==658==    by 0x401691A: _dl_close (dl-close.c:873)
==658==    by 0x50D2297: _dl_catch_exception (in /usr/lib64/libc.so.6)
==658==    by 0x50D2362: _dl_catch_error (in /usr/lib64/libc.so.6)
==658==    by 0x500186D: _dlerror_run (in /usr/lib64/libc.so.6)
==658==    by 0x5001597: dlclose@@GLIBC_2.34 (in /usr/lib64/libc.so.6)
==658==    by 0x5A6E701: g_module_close (in /usr/lib64/libgmodule-2.0.so.0.6902.0)
==658==    by 0x4AF8AAE: ??? (in /usr/lib64/libgio-2.0.so.0.6902.0)
==658==    by 0x4C92810: g_type_module_unuse (in /usr/lib64/libgobject-2.0.so.0.6902.0)
==658==    by 0x4BBFECC: ??? (in /usr/lib64/libgio-2.0.so.0.6902.0)
==658==    by 0x4AF9115: g_io_extension_point_get_extensions (in /usr/lib64/libgio-2.0.so.0.6902.0)
==658==    by 0x4AFF7F9: ??? (in /usr/lib64/libgio-2.0.so.0.6902.0)
==658==    by 0x4B0C6D9: g_proxy_resolver_get_default (in /usr/lib64/libgio-2.0.so.0.6902.0)
==658==    by 0x4A2AF94: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
==658==    by 0x4A3A73B: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
==658==    by 0x4A3B744: ??? (in /usr/lib64/libsoup-2.4.so.1.11.0)
==658==    by 0x401518: __wrap_soup_session_send_message (test_beaker_harness.c:16)
==658==    by 0x401298: rstrnt_bkr_check_recipe (beaker_harness.c:72)
==658==    by 0x40139A: test_rstrnt_bkr_check_recipe_no_lc (test_beaker_harness.c:37)
==658==    by 0x4D31285: ??? (in /usr/lib64/libglib-2.0.so.0.6902.0)
==658==    by 0x4D30FAA: ??? (in /usr/lib64/libglib-2.0.so.0.6902.0)
==658==    by 0x4D30FAA: ??? (in /usr/lib64/libglib-2.0.so.0.6902.0)
==658==    by 0x4D30FAA: ??? (in /usr/lib64/libglib-2.0.so.0.6902.0)
==658==    by 0x4D31759: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.6902.0)
==658==    by 0x4D31780: g_test_run (in /usr/lib64/libglib-2.0.so.0.6902.0)
==658==    by 0x4015A1: main (test_beaker_harness.c:88)
==658== 
==658== LEAK SUMMARY:
==658==    definitely lost: 32 bytes in 1 blocks
==658==    indirectly lost: 0 bytes in 0 blocks
==658==      possibly lost: 0 bytes in 0 blocks
==658==    still reachable: 225,034 bytes in 1,304 blocks
==658==         suppressed: 1,957,666 bytes in 19,373 blocks
==658== Reachable blocks (those to which a pointer was found) are not shown.
==658== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==658== 
==658== For lists of detected and suppressed errors, rerun with: -s
==658== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)
```

but I suspect it's a false positive and the suppression file (tests/valgrind.supp) needs to be tweaked accordingly.
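
For reference, a Valgrind suppression shaped to the stack above. This is an added example and not the project's actual tests/valgrind.supp entry; the entry name is made up, the `fun:` lines are taken from the frames the trace shows, and the `...` lines are Valgrind's wildcard for any number of intervening frames (so the `UnknownInlinedFun` and the unnamed libgio frames do not have to be spelled out).

```text
{
   glib-gmodule-dlclose-leak
   Memcheck:Leak
   match-leak-kinds: definite
   fun:malloc
   ...
   fun:_dl_close_worker
   fun:_dl_close
   ...
   fun:dlclose*
   fun:g_module_close
   ...
   fun:g_proxy_resolver_get_default
}
```

Running the test binary once with `--gen-suppressions=all` makes Valgrind print a matching entry that can be trimmed down to this form. Keeping `match-leak-kinds: definite` and the lower frames (`g_module_close` up to `g_proxy_resolver_get_default`) limits the suppression to this dlclose path inside GIO's proxy-resolver lookup rather than hiding every leak that passes through `_dl_close_worker`.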

@StykMartin
Contributor

We merged all necessary bits in different PRs. Anyway, thank you for your contribution @mrc0mmand!

@StykMartin StykMartin closed this Dec 8, 2021
@mrc0mmand mrc0mmand deleted the ci-docker-rawhide-clone3 branch December 18, 2021 22:16