thumbnail: Sandbox thumbnailers on Linux

On Linux systems, bubblewrap is now required to launch thumbnailers in a
restricted environment.

- Only /usr and the compilation ${prefix} of the gnome-desktop library
  will be available to the thumbnailer as read-only
- The network is disabled
- The filename of the file to thumbnail is hidden
- Bubblewrap is not used if the application is already sandboxed in
  Flatpak as all privileges to create a new namespace are dropped when
  the initial one is created.

https://bugzilla.gnome.org/show_bug.cgi?id=774497