Whitelist runuser common (#3286)

* introduce whitelist-runuser-common.inc

 * If an applications does not need a whitelist it can/should be
   nowhitelisted. Example:

     nowhitelist ${RUNUSER}/pulse
     include whitelist-runuser-common.inc

 * ${RUNUSER}/bus is inaccessible with nodbus regardless of the
   whitelist. (as it should)

 * strange wayland setups with an second wayland-compostior need to
   whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on.

 * some display-manager store there Xauthority file in ${RUNUSER}.
   test results with fedora 31:
   - ssdm: ~/.Xauthority is used
   - lightdm: /run/lightdm/USER/Xauthority
   - gdm: /run/user/UID/gdm/Xauthority

 * IMPORTANT: ATM we can only enable this for non-graphical and GTK3
   programs because mutter (GNOMEs window-manger) stores the Xauthority
   file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX
   where XXXXXX is random. Until we have whitelist globbing we can't
   whitelist this file. QT/KDE and other toolkits without full wayland
   support won't be able to start.

* wru update 1

- add wru to more profiles.
- blacklist ${RUNUSER} works for the most cli programs too.

* add wruc to more profiles

* fixes

* fixes

* wruc: hide pulse pid

* update

* remove wruc from all the x11 profiles

* fixes

* fix ordering

* read-only

* revert read-only

* update

*

etc/youtube-dl.profile

@@ -22,6 +22,7 @@ include allow-python3.inc
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc