Code review comment for lp:~gary-wzl77/squid/snap_package

Gary.Wang (gary-wzl77) wrote :

Thanks, Alex and Amos for your comments.

@Alex, about your suggestions, I think they make sense to me.
But
"...This should be done without adding a single monolithic set of options tied to the snap environment..."
That's impossible if we're gonna release the squid snap in the stable channel of the Ubuntu store, because the ultimate goal is to publish the squid snap into the stable channel so that normal users can run it with strict security confinement.
And except for the custom Squid configuration file template, all the changes I made in squid3.5 are related to something that lets normal users run this snap in strict confinement mode.

Strict confinement gives you the following readable and/or writable paths:
1. /snap/<snap>/<revision> (read-only, snap install path)
    Hence I need to prepend $SNAP to the following file paths so that these files can be found and read by squid:
     * mime table file
     * error template file
     * conf file
     * icon directory
2. /var/snap/<snap>/<revision> (read/write, per-revision data)
    Hence I need to prepend $SNAP_DATA to the pid file path to make sure it's in a writable path.
3. All services run as root due to confinement in the snap world.
    Hence I need to get rid of the setresuid/setuid/setgid syscalls, otherwise AppArmor denials occur.
4. In order to make shm_open available in the snap world, the shared memory file name needs to be declared according to the required namespace.
     Please see https://bugs.launchpad.net/snappy/+bug/1653955

If any of the above changes are not made, the squid daemon fails to run in strict confinement mode.
A snap that can only read and write in its own namespace is recommended and enforced if we wanna publish it into the stable channel.
That's why I made this change here.
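
The path rewriting the comment above describes, as an added example that is not part of the merge proposal or the squid project: a POSIX sh helper that renders the squid.conf directives for the mime table, error templates, icons, pid file and cache with every path rooted under $SNAP (read-only) or $SNAP_DATA (writable), and refuses any path that escapes both, since AppArmor would deny the open anyway. The directory layout under $SNAP and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the snap branch. The layout under $SNAP
# (etc/squid, usr/share/squid) and the helper names are assumed.

# Return 0 if path $1 lies inside directory $2, else 1.
# Plain string prefix check; it does not resolve symlinks.
path_under() {
  case "$1" in
    "$2"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Fail early for any path that is under neither $SNAP nor $SNAP_DATA:
# under strict confinement such an open would be denied at runtime.
# $1 = path, $2 = $SNAP, $3 = $SNAP_DATA
check_confined_path() {
  path_under "$1" "$2" || path_under "$1" "$3" || {
    echo "refusing path outside snap confinement: $1" >&2
    return 1
  }
}

# Emit squid.conf lines for the files the comment lists.
# $1 = $SNAP (install root, read-only), $2 = $SNAP_DATA (per-revision, writable)
render_squid_conf() {
  snap="$1"; data="$2"
  mime="$snap/etc/squid/mime.conf"          # read-only, shipped in the snap
  errors="$snap/usr/share/squid/errors"     # read-only error templates
  icons="$snap/usr/share/squid/icons"       # read-only icon directory
  pid="$data/squid.pid"                     # must be writable
  cache="$data/cache"                       # must be writable
  for p in "$mime" "$errors" "$icons" "$pid" "$cache"; do
    check_confined_path "$p" "$snap" "$data" || return 1
  done
  printf 'mime_table %s\n' "$mime"
  printf 'error_directory %s\n' "$errors/en"
  printf 'icon_directory %s\n' "$icons"
  printf 'pid_filename %s\n' "$pid"
  printf 'cache_dir ufs %s 100 16 256\n' "$cache"
}
```

Run it as `render_squid_conf "$SNAP" "$SNAP_DATA" > "$SNAP_DATA/squid.conf"` from the snap's launcher; with the constructed values /snap/squid/12 and /var/snap/squid/12 it emits the five directives above.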
