create a new syscall group: @program-keep

`@default-keep` should be used for syscalls used by Firejail itself only.
We are moving some syscalls from `@default-keep` that do not meet this condition into the new group `@program-keep`.
Syscalls in `@program-keep` are not forced to whitelist (we let users decide), but should never be present in `@default` and its sub-groups.

Also move `execv` into `@obsolete` (sparc only, replaced by `execve`).

contrib/syntax/lists/syscall_groups.list

@@ -20,6 +20,7 @@ network-io
 obsolete
 privileged
 process
+program-keep
 raw-io
 reboot
 resources