interfaces/builtin/libvirt: add /run/libvirt/libvirt-sock-ro

[jslarraz]

virt-viewer requires read/write access to /run/libvirt/libvirt-sock-ro to work properly. This PR adds the required rule to libvirt interface.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5407316) 78.86% compared to head (41c194b) 78.87%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #13602   +/-   ##
=======================================
  Coverage   78.86%   78.87%           
=======================================
  Files        1033     1033           
  Lines      132065   132065           
=======================================
+ Hits       104159   104161    +2     
+ Misses      21404    21403    -1     
+ Partials     6502     6501    -1     

Flag	Coverage Δ
unittests	78.87% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bboozzoo]

LGTM

[bboozzoo]

from the manual:

/var/run/libvirt/libvirt-sock-ro - the secondary socket for accessing libvirt APIs, with limited read-only privileges. A connection to this socket gives the ability to query the existence of objects and monitor some aspects of their operation. This is the socket that most management applications connect to when requesting read only mode. Typically this is what a monitoring app would use.

https://github.com/libvirt/libvirt/blob/50bca3d45b58a6dd51d3792cc856f4f49fe88bea/docs/daemons.rst?plain=1#L79

[alexmurray]

LGTM - the existing libvirt-sock is already more privileged than the proposed libvirt-sock-ro so this does not increase the security attack surface etc.

[Meulengracht]

Thanks, will just let tests run