Keep audio and video groups regardless of nogroups

Currently, on systems that use seat managers that do not implement
seat-based ACLs (such as seatd), sound is broken whenever `nogroups` is
used.  This happens because without ACLs, access to the audio devices in
/dev is controlled by the standard group permissions and the "audio"
group is always dropped when `nogroups` is used.  This patch makes the
"audio" and "video" groups be dropped if and only if `noaudio` and
`novideo` are in effect, respectively (and independently of `nogroups`).
See #4603 and the linked issues/discussions for details.

Note: This is a continuation of commit ea564eb74 ("Consider nosound and
novideo when keeping groups") / PR #4632.

Relates to #2042 and #4531.

src/firejail/main.c

@@ -3134,9 +3134,28 @@ int main(int argc, char **argv, char **envp) {
 		sprintf(ptr, "%d %d 1\n", gid, gid);
 		ptr += strlen(ptr);
 
+		gid_t g;
+		// add audio group
+		if (!arg_nosound) {
+			g = get_group_id("audio");
+			if (g) {
+				sprintf(ptr, "%d %d 1\n", g, g);
+				ptr += strlen(ptr);
+			}
+		}
+
+		// add video group
+		if (!arg_novideo) {
+			g = get_group_id("video");
+			if (g) {
+				sprintf(ptr, "%d %d 1\n", g, g);
+				ptr += strlen(ptr);
+			}
+		}
+
 		if (!arg_nogroups) {
 			// add firejail group
-			gid_t g = get_group_id("firejail");
+			g = get_group_id("firejail");
 			if (g) {
 				sprintf(ptr, "%d %d 1\n", g, g);
 				ptr += strlen(ptr);
@@ -3149,24 +3168,6 @@ int main(int argc, char **argv, char **envp) {
 				ptr += strlen(ptr);
 			}
 
-			// add audio group
-			if (!arg_nosound) {
-				g = get_group_id("audio");
-				if (g) {
-					sprintf(ptr, "%d %d 1\n", g, g);
-					ptr += strlen(ptr);
-				}
-			}
-
-			// add video group
-			if (!arg_novideo) {
-				g = get_group_id("video");
-				if (g) {
-					sprintf(ptr, "%d %d 1\n", g, g);
-					ptr += strlen(ptr);
-				}
-			}
-
 			// add games group
 			g = get_group_id("games");
 			if (g) {