wayland: add extra sockets that are used by older toolkits (e.g. gtk3)

[gerboland]

Inspired by https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/abstractions/wayland

[gerboland]

I removed "wayland-shared-*" as I cannot find what was using it, and as the built-in apparmor profile doesn't have it either, concluded it was an error.

[mvo5]

LGTM

[mvo5]

Adding Jamie to look at this from the security POV

[gerboland]

I forgot to fix the test, done now

[codecov-io]

Codecov Report

Merging #5660 into master will decrease coverage by <.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #5660      +/-   ##
==========================================
- Coverage   78.96%   78.96%   -0.01%     
==========================================
  Files         522      522              
  Lines       39711    39711              
==========================================
- Hits        31358    31356       -2     
- Misses       5807     5808       +1     
- Partials     2546     2547       +1

Impacted Files	Coverage Δ
interfaces/builtin/wayland.go	100% <ø> (ø)	⬆️
overlord/hookstate/hookmgr.go	73.55% <0%> (-0.97%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8f466e4...7c3b649. Read the comment docs.

[zyga]

The policy itself looks okay.

[zyga]

This looks okay though ideally it wayland would store those sockets in some private space since they are actually handled to clients over a IPC call that carries the file descriptor. Still, this is okay just annoying.

[gerboland]

These sockets/files are can also be created by clients to share data with the server - passed by FD as you rightly say. AFAICS it is an informal standard that $XDG_RUNTIME_DIR is the place for such things, and that's hardcoded in all the toolkits I've looked at.

[zyga]

This matches the list above so OK

[jdstrand]

+1. Thanks!