cmd/snap-confine: allow reading /proc/filesystems

[zyga]

This rule is required to make snap-confine work on openSUSE tumbleweed.
The rule is presumably required by selinux as seen in the following
strace fragment:

23075 statfs("/sys/fs/selinux", 0x7ffdaa3ad9b0) = -1 ENOENT (No such file or directory)
23075 statfs("/selinux", {f_type=BTRFS_SUPER_MAGIC, f_bsize=4096, f_blocks=10486528, f_bfree=6317286, f_bavail=5992378, f_files=0, f_ffree=0, f_fsid={val=[2999193500, 2112688126]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
23075 brk(NULL) = 0x20b4000
23075 brk(0x20d5000) = 0x20d5000
23075 open("/proc/filesystems", O_RDONLY) = 3

Signed-off-by: Zygmunt Krynicki me@zygoon.pl

[codecov-io]

Codecov Report

Merging #3790 into master will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##           master   #3790      +/-   ##
=========================================
- Coverage   75.81%   75.8%   -0.02%     
=========================================
  Files         402     402              
  Lines       34741   34741              
=========================================
- Hits        26340   26334       -6     
- Misses       6527    6531       +4     
- Partials     1874    1876       +2

Impacted Files	Coverage Δ
wrappers/binaries.go	72.72% <0%> (-6.82%)	⬇️
overlord/snapstate/snapstate.go	80.45% <0%> (-0.27%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 947c2d4...786fa93. Read the comment docs.

[jdstrand]

Thanks!