When bundled bwrap fails on Ubuntu 23.10+ with
kernel.apparmor_restrict_unprivileged_userns=1, generate an AppArmor
profile at ~/.boxlite/apparmor/boxlite-bwrap and include the
`sudo apparmor_parser -r` command in the diagnostic.

- Add apparmor.rs with generate_bwrap_profile() and write_bwrap_profile()
- Profile mirrors Ubuntu's bwrap-userns-restrict with unique names
  (boxlite_bwrap/boxlite_unpriv_bwrap) to avoid collision
- Caller in bwrap.rs computes apparmor_dir (Minimal Knowledge)

The bwrap sandbox was missing two critical mount categories:
1. ~/.boxlite/rootfs (ro) - VM init rootfs (Alpine bootstrap)
2. User volume host_paths - from BoxOptions.volumes

Without the rootfs mount, libkrun couldn't boot the VM inside bwrap,
causing the shim to exit immediately.

Separate Go runtime syscalls from VMM seccomp filter using Linux's
seccomp filter stacking semantics. Previously, the VMM filter contained
~100 syscalls (VMM + Go runtime combined). Now:

- VMM filter: ~66 unique syscalls (original Firecracker + libkrun)
- Gvproxy filter: ~106 unique syscalls (strict superset, includes Go runtime)

Two-phase application in shim:
  1. Apply gvproxy filter with TSYNC (before gvproxy creation)
  2. Create gvproxy → Go threads inherit permissive filter
  3. Stack VMM filter on main thread only (no TSYNC)
  4. krun_start_enter → vCPU threads inherit both from main

Stacked filters evaluate as intersection (most restrictive wins).
Since VMM ⊂ gvproxy, effective filter on main/vCPU = VMM.
Go threads keep only the gvproxy filter (more permissive).

Without gvproxy, VMM filter applied with TSYNC (original behavior).

The Firecracker-derived VMM filter (45 syscalls) was fundamentally
inadequate for libkrun on modern glibc (2.38+):

1. Missing modern glibc equivalents: glibc rewrites open→openat,
   stat→newfstatat, etc. The filter had legacy names but not modern ones.

2. Missing libkrun runtime syscalls: libkrun needs mprotect, bind,
   listen, clone3, pread64, etc. for VM setup and operation.

3. Missing thread init syscalls: vCPU threads created after seccomp
   need set_tid_address, rseq, arch_prctl for pthread initialization.

4. Insufficient ioctl coverage: Firecracker used 8 specific KVM ioctls;
   libkrun requires 28+ for VM creation and vCPU management.

Adds 47 entries to VMM filter (86 unique syscalls, up from 45).
Verified: vmm ⊂ gvproxy (all VMM syscalls are in gvproxy superset).

This fixes a pre-existing SIGSYS crash (exit code 159) on Linux when
seccomp is enabled — the shim was killed on the first openat() call.

Remove unused imports (SecurityOptions, FilesystemLayout) from
linux/mod.rs and add explicit unsafe block in credentials.rs for
Rust 2024 edition compliance (unsafe-op-in-unsafe-fn).

…SYNC

The VMM filter was expanded to 106 syscalls covering both libkrun and Go
runtime needs. The gvproxy filter (107 syscalls) was a strict superset
differing only by the `seccomp` syscall needed for two-phase stacking.

With a single TSYNC application after gvproxy creation, the `seccomp`
syscall is no longer needed and the gvproxy filter becomes redundant.

- Remove gvproxy section from seccomp JSON (~650 lines)
- Remove SeccompRole::Gvproxy variant and apply_gvproxy_filter()
- Simplify apply_vmm_filter() to always use TSYNC (remove tsync param)
- Remove two-phase stacking logic from shim main.rs

…helper

The previous commit removed `linux::apply_isolation()` but missed
updating the `PlatformIsolation` trait impl that called it. Inline
the logic directly: call `apply_vmm_filter()` when seccomp is enabled.

The `layout: &FilesystemLayout` parameter was unused in all three
platform implementations (Linux, macOS, Unsupported). No external
code called this trait method. Clean up the dead parameter.