Comment 7 for bug 1786168

So instead of the defined list that [1] was for it now tries to preserve al lmounts under /dev.
Since we can't know all the combinations that might be, but trust libvirt with a rather lenient profile anyway lets tweak the rules to match what it does now.

While doing so it might carry a trailing / from the mountpoint.
E.g. /dev/hugepages/ is used with trailing /, but /dev/console is not.
So allow both.

Further libvirt will strip the mount to a simple pathname without subdirs.
For example:
  /dev/net/tun -> /var/run/libvirt/qemu/1-kvmguest-cosmic-norm.net.tun

Therefore an appropriate and in tests working rule would be:

  # libvirt provides any mounts under /dev to qemu namespaces
  mount options=(rw, move) /dev/ -> /{var/,}run/libvirt/qemu/*.dev/,
  mount options=(rw, move) /dev/**{/,} -> /{var/,}run/libvirt/qemu/*{/,},
  mount options=(rw, move) /{var/,}run/libvirt/qemu/*.dev/ -> /dev/,
  mount options=(rw, move) /{var/,}run/libvirt/qemu/*{/,} -> /dev/**{/,},

[1]: https://libvirt.org/git/?p=libvirt.git;a=commit;h=3343ab0cd99c04761c17a36d9af354536df9e741