Add infrastructure to support enabling userns restrictions via sysctl.d file

Bug #2030353 reported by Alex Murray
Affects: apparmor (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

As per https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626, the apparmor binary package should provide a file named /usr/lib/sysctl.d/10-apparmor.conf that contains the following contents:

# AppArmor restrictions of unprivileged user namespaces
# Restrict the use of unprivileged user namespaces to applications
# which have an AppArmor profile loaded which specifies the userns
# permission. All other applications (whether confined by AppArmor
# or not) will be denied the use of unprivileged user namespaces.
#
# See https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction
#
# If it is desired to disable this restriction, it is preferable to
# create an additional file named /etc/sysctl.d/20-apparmor.conf
# which will override this current file and sets this value to 0
# rather than editing this current file
# THIS IS CURRENTLY DISABLED BUT WILL BE ENABLED IN A FUTURE UPLOAD
# AS DETAILED ABOVE
kernel.apparmor_restrict_unprivileged_userns = 0

If we enable this currently it would then cause existing applications which use unprivileged user namespaces in Ubuntu to fail - as such, this file will set the sysctl to 0 for now and will be updated in a future upload to enable it, along with a set of apparmor profiles for the various applications in the Ubuntu archive which require the use of unprivileged user namespaces.
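The override the description recommends (a later-sorting file under /etc/sysctl.d winning over the vendor file under /usr/lib/sysctl.d, rather than editing the vendor file) depends on the drop-in precedence rules documented in systemd-sysctl(8): a file in a higher-priority directory masks a same-named file in a lower-priority one, and the surviving files are applied in lexical order of basename. The script below is an added example, not part of this bug report or of the apparmor package. It re-implements that resolution for one key over temporary directories built inline, so the layering can be checked offline; the function names, the directory layout and the file contents are constructed for the demonstration, and the vendor copy of 10-apparmor.conf is written in its future enabled form (value 1) so that the override is visible.

```shell
#!/bin/sh
# Resolve the effective value of a sysctl key from sysctl.d-style drop-in
# directories, following the precedence rules of systemd-sysctl(8):
#   1. a file in a higher-priority directory (/etc/sysctl.d, listed first)
#      masks a file with the same basename in a lower-priority one
#      (/usr/lib/sysctl.d);
#   2. the surviving files are applied in lexical order of basename, so a
#      later assignment (20-apparmor.conf) overrides an earlier one
#      (10-apparmor.conf).
# Usage: resolve_sysctl KEY DIR...   (directories given highest priority first)
resolve_sysctl() {
    key="$1"; shift
    # Escape the dots in the key so sed matches them literally.
    pat=$(printf '%s' "$key" | sed 's/[.]/\\./g')
    # Build "basename path" lines, keep the first copy of each basename
    # (highest-priority directory wins), then sort by basename.
    ordered=$(for dir in "$@"; do
        for f in "$dir"/*.conf; do
            if [ -f "$f" ]; then
                printf '%s %s\n' "$(basename "$f")" "$f"
            fi
        done
    done | awk '!seen[$1]++' | sort -k1,1 | awk '{print $2}')
    value=""
    # Paths here come from mktemp and contain no whitespace, so plain
    # word splitting is safe for this demonstration.
    for f in $ordered; do
        # Take the last "key = value" assignment in the file; '#' comment
        # lines never match because the pattern is anchored at the key.
        v=$(sed -n "s/^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*//p" "$f" \
            | sed 's/[[:space:]]*$//' | tail -n 1)
        if [ -n "$v" ]; then
            value="$v"
        fi
    done
    printf '%s\n' "$value"
}

# Constructed scenario (not the package's files): a vendor file with the
# restriction switched on, and the two ways a local override can land.
demo_userns_override() {
    key=kernel.apparmor_restrict_unprivileged_userns
    root=$(mktemp -d)
    vendor="$root/usr/lib/sysctl.d"
    local_d="$root/etc/sysctl.d"
    mkdir -p "$vendor" "$local_d"

    # 1. Vendor default only (the future "enabled" form of 10-apparmor.conf).
    cat > "$vendor/10-apparmor.conf" <<'EOF'
# AppArmor restrictions of unprivileged user namespaces (constructed copy)
kernel.apparmor_restrict_unprivileged_userns = 1
EOF
    step1=$(resolve_sysctl "$key" "$local_d" "$vendor")

    # 2. The recommended override: a later-sorting file under /etc/sysctl.d.
    printf '%s = 0\n' "$key" > "$local_d/20-apparmor.conf"
    step2=$(resolve_sysctl "$key" "$local_d" "$vendor")

    # 3. A same-named file under /etc/sysctl.d masks the vendor copy entirely.
    rm "$local_d/20-apparmor.conf"
    printf '%s = 0\n' "$key" > "$local_d/10-apparmor.conf"
    step3=$(resolve_sysctl "$key" "$local_d" "$vendor")

    rm -rf "$root"
    printf '%s %s %s\n' "$step1" "$step2" "$step3"
}

demo_userns_override   # prints: 1 0 0
```

Step 2 is the layout the description recommends; step 3 shows why a same-named file is best avoided for overrides, since it hides the vendor file (and its comments) completely rather than layering on top of it. On a running system the value that matters is the one the kernel holds after the drop-ins have been applied, which `sysctl kernel.apparmor_restrict_unprivileged_userns` reports.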

Alex Murray (alexmurray)
description: updated
Alex Murray (alexmurray)
summary: - Enable userns restrictions via sysctl.d files
+ Add infrastructure to support enabling userns restrictions via sysctl.d
+ files
description: updated
summary: Add infrastructure to support enabling userns restrictions via sysctl.d
- files
+ file
description: updated
Alex Murray (alexmurray)
Changed in apparmor (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 4.0.0~alpha2-0ubuntu2

---------------
apparmor (4.0.0~alpha2-0ubuntu2) mantic; urgency=medium

  * Fix invalid JSON output from aa-status --json via upstream patch
    (LP: #2032994)
    - d/p/u/binutils-aa_status.c-quiet-verbose-outputs-when-json.patch

 -- Alex Murray <email address hidden> Fri, 25 Aug 2023 09:48:24 +0930

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released