interfaces/opengl: don't udev tag nvidia devices and use snap-confine instead (2.28)

[mvo5]

This should fix the regression in the opengl interface with the nvidia driver.

This is the 2.28 version of #3938

[codecov-io]

Codecov Report

Merging #4022 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #4022   +/-   ##
=======================================
  Coverage   75.88%   75.88%           
=======================================
  Files         431      431           
  Lines       36915    36915           
=======================================
  Hits        28014    28014           
  Misses       6948     6948           
  Partials     1953     1953

Impacted Files	Coverage Δ
interfaces/builtin/opengl.go	100% <ø> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e4cbfef...60fbf76. Read the comment docs.

[jdstrand]

I'm marking Approve for now. Your rules are fine but I suggest you use the ones I mentioned.

I'm surprised that 2.28 didn't have the nvidia code changes-- I specifically did the PR with priority so it would be in 2.28. I guess 2.28 branched before the PR. Darn

[jdstrand]

I suggest for future-proofing:

/sys/module/nvidia/* r,
/sys/**/nvidia*/uevent r,

[jdstrand]

Let's make this even better:

/sys/module/nvidia{,_*}/* r,
/sys/**/drivers/nvidia{,_*}/* r,

[zyga]

I applied both in sequence.

[zyga]

+1 (tested on nvidia hardware)

[jdstrand]

This covers the first rule (/sys/module/nvidia/version r,) so you can omit the first rule.

[zyga]

Let's remove this in the post-mortem move and let mvo release the point release.