profiles: sort blacklist sections (#6289)

See etc/templates/profile.template.

This is a follow-up to #6286.

etc/profile-a-l/bpftop.profile

@@ -7,8 +7,8 @@ include bpftop.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc

etc/profile-a-l/cloneit.profile

@@ -7,8 +7,8 @@ include cloneit.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc

etc/profile-a-l/deadlink.profile

@@ -6,8 +6,8 @@ include deadlink.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 noblacklist ${HOME}/.config/deadlink
 

etc/profile-a-l/dexios.profile

@@ -7,8 +7,8 @@ include dexios.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc

etc/profile-a-l/editorconfiger.profile

@@ -6,8 +6,8 @@ include editorconfiger.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc

etc/profile-a-l/kdiff3.profile

@@ -12,8 +12,8 @@ noblacklist ${HOME}/.config/kdiff3rc
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-blacklist ${HOME}/.ssh
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.ssh
 
 include disable-devel.inc
 include disable-exec.inc

etc/profile-m-z/makepkg.profile

@@ -20,11 +20,11 @@ blacklist ${RUNUSER}/wayland-*
 noblacklist ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
-blacklist ${HOME}/.gnupg/random_seed
-blacklist ${HOME}/.gnupg/pubring.kbx~
-blacklist ${HOME}/.gnupg/private-keys-v1.d
 blacklist ${HOME}/.gnupg/crls.d
 blacklist ${HOME}/.gnupg/openpgp-revocs.d
+blacklist ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/random_seed
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman

etc/profile-m-z/statusof.profile

@@ -7,8 +7,8 @@ include statusof.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc

etc/profile-m-z/textroom.profile

@@ -6,8 +6,8 @@ include textroom.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}/wayland-*
+blacklist /usr/libexec
 
 noblacklist ${HOME}/.config/textroom
 

etc/profile-m-z/torbrowser.profile

@@ -12,8 +12,8 @@ ignore dbus-user none
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 
-blacklist /usr/libexec
 blacklist /sys/class/net
+blacklist /usr/libexec
 
 mkdir ${HOME}/.cache/mozilla/torbrowser
 mkdir ${HOME}/.mozilla

etc/profile-m-z/tvnamer.profile

@@ -6,8 +6,8 @@ include tvnamer.local
 # Persistent global definitions
 include globals.local
 
-blacklist /usr/libexec
 blacklist ${RUNUSER}
+blacklist /usr/libexec
 
 noblacklist ${HOME}/.config/tvnamer
 noblacklist ${VIDEOS}