apparmor: fix @{HOME}/.mozilla/firefox access for XML signing

the #include <abstractions/private-files-strict> bringing
"audit deny @{HOME}/.mozilla/** mrwkl," in actually denies everything here.
Use just <abstractions/private-files> and allow profiles.ini, secmod.db
and cert8.db.

At least opening the Digital Signatures dialog doesn't log apparmor DENIED
now...

Change-Id: Id557626fc26745841f0cca005d483fd1e6ac922d
Reviewed-on: https://gerrit.libreoffice.org/48264Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>

sysui/desktop/apparmor/program.soffice.bin

@@ -73,7 +73,7 @@
 #include <tunables/global>
 
 profile libreoffice-soffice INSTDIR-program/soffice.bin {
-  #include <abstractions/private-files-strict>
+  #include <abstractions/private-files>
 
   #include <abstractions/audio>
   #include <abstractions/bash>
@@ -175,7 +175,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,
 
-  owner @{HOME}/.mozilla/firefox/** r,
+  owner @{HOME}/.mozilla/firefox/profiles.ini r,
+  owner @{HOME}/.mozilla/firefox/*/secmod.db r,
+  owner @{HOME}/.mozilla/firefox/*/cert8.db r,
   # there is abstractions/gnupg but that's just for gpg1...
   profile gpg {
     #include <abstractions/base>