libvirt qemu apparmor rule missing directory for spice SASL

Bug #2002431 reported by Adam Vest
Affects           Status  Importance  Assigned to  Milestone
libvirt (Ubuntu)  New     Undecided   Unassigned

Bug Description

This bug is similar in spirit to LP #'s 901272 & 1690140. The default proposed file for the SASL user DB is denied access by apparmor:
---
root # sed -n '/default SASL/,/qemu.conf/p' /etc/libvirt/qemu.conf
# The default SASL configuration file is located in /etc/sasl2/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location

root # grep \#sasldb_path /etc/sasl2/libvirt.conf
#sasldb_path: /etc/libvirt/passwd.db
---

When using this proposed file, apparmor denies read access by the VM:
---
Jan 04 15:20:20 easy-wombat kernel: audit: type=1400 audit(1672845620.164:67): apparmor="DENIED" operation="open" profile="libvirt-65349c54-1e3f-410a-a000-0ce15f93b8ba" name="/etc/libvirt/passwd.db" pid=1667 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
---

It would be nice if this default proposed location worked out of the box in apparmor.

Software Versions:
root # lsb_release -rd
Description: Ubuntu 20.04.5 LTS
Release: 20.04
root # apt-cache policy libvirt-daemon-system
libvirt-daemon-system:
  Installed: 6.0.0-0ubuntu8.16
  Candidate: 6.0.0-0ubuntu8.16
  Version table:
 *** 6.0.0-0ubuntu8.16 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     6.0.0-0ubuntu8 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
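An added helper, written for this page and not part of libvirt, apparmor-utils or the reporter's material, that does what an operator would do next with a denial like the one quoted above: parse the kernel audit record into an AppArmor file rule, merge masks across repeated denials, and check whether a profile or abstraction text already grants that access (with a small translation of AppArmor globbing: `**`, `*`, `?` and `{a,b}`). The first SAMPLE_LOG line is the record from the report; the second profile, the `/var/tmp/sasl.lock` path, the ALLOWED record and the abstraction excerpt under `__main__` are constructed inputs, not real libvirt profile contents. `owner`-qualified rules are deliberately ignored, which is the conservative answer here since the denial shows `fsuid=64055` against `ouid=0`.

```python
# Added example for this report, not libvirt, apparmor-utils or reporter code.
# First SAMPLE_LOG line is the record quoted in the report; the others are constructed.
import re
from collections import defaultdict

SAMPLE_LOG = """\
Jan 04 15:20:20 easy-wombat kernel: audit: type=1400 audit(1672845620.164:67): apparmor="DENIED" operation="open" profile="libvirt-65349c54-1e3f-410a-a000-0ce15f93b8ba" name="/etc/libvirt/passwd.db" pid=1667 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jan 04 15:22:10 easy-wombat kernel: audit: type=1400 audit(1672845730.120:74): apparmor="DENIED" operation="mknod" profile="libvirt-00000000-1111-2222-3333-444444444444" name="/var/tmp/sasl.lock" pid=1790 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=64055 ouid=64055
Jan 04 15:22:10 easy-wombat kernel: audit: type=1400 audit(1672845730.121:75): apparmor="DENIED" operation="open" profile="libvirt-00000000-1111-2222-3333-444444444444" name="/var/tmp/sasl.lock" pid=1790 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=64055
Jan 04 15:22:11 easy-wombat kernel: audit: type=1400 audit(1672845731.002:76): apparmor="ALLOWED" operation="open" profile="libvirt-00000000-1111-2222-3333-444444444444" name="/etc/sasl2/libvirt.conf" pid=1790 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
"""

AUDIT_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PERM_ORDER = "rwamklx"               # conventional letter order in a file rule
MASK_TO_PERM = {"c": "w", "d": "w"}  # audit create/delete masks are granted by 'w'

def parse_audit_record(line):
    """Return the key=value fields of an AppArmor audit line, or None for other lines."""
    if "apparmor=" not in line:
        return None
    return {key: bare or quoted for key, quoted, bare in AUDIT_KV.findall(line)}

def denied_file_access(lines):
    """Yield (profile, path, perms) for each DENIED record that names a file."""
    for line in lines:
        rec = parse_audit_record(line)
        if not rec or rec.get("apparmor") != "DENIED" or "name" not in rec:
            continue
        perms = {MASK_TO_PERM.get(ch, ch) for ch in rec.get("denied_mask", "")}
        yield rec["profile"], rec["name"], perms

def perm_string(perms):
    """Render a permission set in AppArmor's conventional order (unknown letters last)."""
    known = [p for p in PERM_ORDER if p in perms]
    return "".join(known + sorted(perms - set(PERM_ORDER)))

def suggest_rules(lines):
    """Merge denials per (profile, path) -> {profile: [rule, ...]}; a bare 'x' still needs an exec qualifier (ix/Px/Ux)."""
    merged = defaultdict(set)
    for profile, path, perms in denied_file_access(lines):
        merged[(profile, path)] |= perms
    rules = defaultdict(list)
    for (profile, path), perms in merged.items():
        rules[profile].append(f'"{path}" {perm_string(perms)},')
    return {profile: sorted(rs) for profile, rs in rules.items()}

def _glob_regex(pattern):
    """Translate AppArmor path globbing (**, *, ?, {a,b}; no nested braces) to an unanchored regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        elif pattern[i] == "{":
            end = pattern.index("}", i)
            alts = pattern[i + 1:end].split(",")
            out.append("(?:" + "|".join(_glob_regex(a) for a in alts) + ")")
            i = end + 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return "".join(out)

# One plain file rule: quoted or bare path, permission letters, comma ('owner ...' lines do not match).
RULE_RE = re.compile(r'^(?:"([^"]+)"|([^\s"#]+))\s+([a-zA-Z]+)\s*,')

def profile_rules(profile_text):
    """Yield (compiled path regex, perms) for each allow file rule; 'deny' rules grant nothing."""
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # also drops '#include' lines
        if line.startswith("audit "):
            line = line[6:].lstrip()
        if not line or line.startswith("deny "):
            continue
        m = RULE_RE.match(line)
        if m:                                     # skips capability/network/... rules
            path = m.group(1) or m.group(2)
            yield re.compile("^" + _glob_regex(path) + "$"), set(m.group(3))

def rule_covers(profile_text, path, perms):
    """True if the rules in profile_text together grant every letter in perms on path."""
    granted = set()
    for rx, rule_perms in profile_rules(profile_text):
        if rx.match(path):
            granted |= rule_perms
    return set(perms) <= granted

if __name__ == "__main__":
    # Constructed abstraction excerpt; not the contents of the real libvirt-qemu abstraction.
    abstraction = "  /etc/{,sasl2/}libvirt.conf r,\n  /usr/share/qemu/** r,\n"
    for profile, rules in suggest_rules(SAMPLE_LOG.splitlines()).items():
        print(f"profile {profile}:")
        for rule in rules:
            path, perms = rule.rsplit(" ", 1)
            status = "ok" if rule_covers(abstraction, path.strip('"'), perms.rstrip(",")) else "MISSING"
            print(f"  {rule}   [{status}]")
```

For the report's record this prints `"/etc/libvirt/passwd.db" r,`, which is the rule the reporter is asking the packaged abstraction to carry; feed it the text of `/etc/apparmor.d/abstractions/libvirt-qemu` (or a site-local override) instead of the constructed excerpt to see whether a given install already grants it. After editing a profile or abstraction, the affected profiles are reloaded with `apparmor_parser -r`; `aa-logprof` from apparmor-utils is the interactive tool that does this same log-to-rule step.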

Sergio Durigan Junior (sergiodj) wrote :

Thanks for taking the time to report a bug.

I've added it to our backlog and someone from the team will work on it soon.
