seahorse refactoring (#5543)

* seahorse: fixes and hardening

* seahorse-daemon: hardening

* seahorse-tool: move private-etc items to seahorse

* seahorse: unbreak nautilus file encryption

As suggested [in review](https://github.com/netblue30/firejail/pull/5543#pullrequestreview-1225250520).

* seahorse-tool: move private-tmp to seahorse

* seahorse: add private-tmp

* seahorse: fix access to ssh-agent socket

etc/profile-m-z/seahorse-daemon.profile

@@ -8,6 +8,9 @@ include seahorse-daemon.local
 # added by included profile
 #include globals.local
 
+blacklist ${RUNUSER}/wayland-*
+include disable-X11.inc
+
 memory-deny-write-execute
 
 # Redirect

etc/profile-m-z/seahorse-tool.profile

@@ -7,9 +7,5 @@ include seahorse-tool.local
 # added by included profile
 #include globals.local
 
-# private-etc workaround for: #2877
-private-etc alternatives,firejail,ld.so.cache,ld.so.preload,login.defs,passwd
-private-tmp
-
 # Redirect
 include seahorse.profile

etc/profile-m-z/seahorse.profile

@@ -6,8 +6,6 @@ include seahorse.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-
 noblacklist ${HOME}/.gnupg
 
 # Allow ssh (blacklisted by disable-common.inc)
@@ -59,12 +57,14 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,login.defs,nsswitch.conf,pango,passwd,pkcs11,pki,protocols,resolv.conf,rpc,services,ssh,ssl,xdg
+private-tmp
 writable-run-user
 
 dbus-user filter
 dbus-user.own org.gnome.seahorse
 dbus-user.own org.gnome.seahorse.Application
+dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.freedesktop.secrets
 dbus-system none