snap: tighten up layout path checking for usrmerge'd systems
On a usrmerge'd system, /lib is a symlink to /usr/lib and /var/run is a symlink
to /run - ensure these are also tested for when validating a snap layout.
apparmor: allow to read /proc/self/map_files (#12547)
* apparmor: allow to read /proc/self/map_files
Accesing this folder is needed for mangohud. Since the info
there is basically the same than in /proc/self/maps, but it's
easier to access because the program doesn't have to parse it,
it should be safe.
* Add "owner" modifier
* Add comment explaining security details
Added a comment explaining why it is secure to allow to access
this folder.