More seccomp fixes
A followup wrt false SIGSYS and other seccomp issues:
- Adds some more 32-bit related syscalls (#284 (closed))
- Makes the concession to allow AF_NETLINK/NETLINK_KOBJECT_UEVENT socket access for udev within gstreamer plugins. It seems the only viable path forward to skip arch-dependent issues with socket() rules, while handling the remaining one (#283 (closed))
- Allows tgkill() with restrictions, for assert/abort/etc to work without a false SIGSYS positive (#287 (closed))
- Allows restart_syscall() syscall, in case tracker-extract-3 ends up traced (#288 (closed))
- Adds some further restrictions to the seccomp sandbox.