Comment 1 for bug 1843392

Olivier Tilloy (osomon) wrote :

This is similar to https://forum.snapcraft.io/t/cant-load-security-device-in-firefox-snap/12471.

You probably already know that, but just in case: running /snap/chromium/current/usr/lib/chromium-browser/chrome directly results in bypassing the snapd sandbox, so it's never a good idea (other than for testing/debugging purposes).

The proposed approach to solve this that was discussed with the security team is:
 - stage common PKCS modules in the snap
 - add a layout for /usr/lib/pkcs11 pointing to a writeable area of the snap (e.g. $SNAP_USER_DATA/.local/lib)
 - on first run, copy the common PKCS modules to that writeable area
 - document that custom modules (and their dependencies?) should be manually copied to that directory
 - create a new interface (not auto-connected, that's okay) for access to /var/run/pcscd/pcscd.comm

I'm not familiar with how smart card readers work though, so feedback and suggestions are welcome.