[WIP] Rework mount namespace support

OMG/META/FIXME: currently the code works the same way in classic and all
snap. Can we keep this? This has big impact on how things behave and
lets us have >1 core snap in any situation (good thing), just perhaps
unexpected.

TODO: restore /var/lib/snapd/hostfs as rslave
TODO: re-enable LXD quirk (just disabled because it looks ugly, it works
OK)
TODO: after fixing hostfs re-enable nvidia that assumes to run before
pivot_root (it'd be better/easier to make it run after pivot_root but
this is a separate branch to make)

TODO: clean up the apparmor profile as it is probably somewhat redundant
now and might contain useless rules

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>