[pkg-apparmor] Bug#901459: Add autopkgtests to load policy

[intrigeri]

> 1. Run the same tests as what we run at build time already (see
>    override_dh_auto_test); they don't mess with the kernel, and don't
>    require AppArmor to be enabled. This ensures that parser updates
>    don't conflict with the policy we ship.

I've repurposed #866368 to track this.

> 2. Actually load the profiles in the kernel, to ensure that kernel
>    updates don't conflict with the policy we ship: autopkgtests have
>    support for rebooting with a custom kernel command-line (see e.g.
>    how tests in src:linux work), so I believe we "just" have to
>    install apparmor-profiles-extra + apparmor packages, reboot with
>    AppArmor enabled, and check with systemctl that apparmor.service
>    has successfully started, which should ensure that all profiles we
>    ship have been compiled+loaded successfully.

That's what this new, cloned bug is about.

> Then we could do exactly the same in src:apparmor.

Still the case for both iterations.

Cheers,
-- 
intrigeri