Update seccompiler to use libseccomp

[ShadowCurse]

Changes

Replace our custom implementation of a seccompiler with libseccomp.
By out test, libseccomp produces ~65% smaller binaries which is very beneficial as we embed the combination of those into the Firecracker.

In order to interact with libseccomp we add custom bindings which contain only the needed set of methods, constants needed for our use case. This simplifies the maintenance and avoids adding dependencies.

Reason

libseccomp provides better quality compiler for BPF seccomp programs than our current implementation.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

• I have read and understand CONTRIBUTING.md.
• I have run tools/devtool checkstyle to verify that the PR passes the
  automated style checks.
• I have described what is done in these changes, why they are needed, and
  how they are solving the problem in a clear and encompassing way.
• I have updated any relevant documentation (both in code and in the docs)
  in the PR.
• I have mentioned all user-facing changes in CHANGELOG.md.
• If a specific issue led to this PR, this PR closes the issue.
• When making API changes, I have followed the
  Runbook for Firecracker API changes.
• I have tested all new and changed functionalities in unit tests and/or
  integration tests.
• I have linked an issue to every new TODO.

---

• This functionality cannot be added in rust-vmm.

[codecov]

Codecov Report

Attention: Patch coverage is 23.16602% with 199 lines in your changes missing coverage. Please review.

Project coverage is 83.07%. Comparing base (9ac6f3a) to head (81eff58).
Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
src/seccompiler/src/lib.rs	0.00%	92 Missing ⚠️
src/seccompiler/src/types.rs	0.00%	80 Missing ⚠️
src/seccompiler/src/bin.rs	0.00%	13 Missing ⚠️
src/vmm/src/seccomp.rs	89.06%	7 Missing ⚠️
src/seccompiler/src/bindings.rs	0.00%	6 Missing ⚠️
src/vmm/src/builder.rs	50.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4926      +/-   ##
==========================================
- Coverage   83.95%   83.07%   -0.89%     
==========================================
  Files         248      244       -4     
  Lines       27839    26634    -1205     
==========================================
- Hits        23371    22125    -1246     
- Misses       4468     4509      +41     

Flag	Coverage Δ
5.10-c5n.metal	83.59% <23.16%> (-0.94%)	⬇️
5.10-m5n.metal	83.57% <23.16%> (-0.94%)	⬇️
5.10-m6a.metal	82.78% <23.16%> (-1.02%)	⬇️
5.10-m6g.metal	79.44% <23.16%> (-1.20%)	⬇️
5.10-m6i.metal	83.56% <23.16%> (-0.95%)	⬇️
5.10-m7g.metal	79.44% <23.16%> (-1.20%)	⬇️
6.1-c5n.metal	83.58% <23.16%> (-0.94%)	⬇️
6.1-m5n.metal	83.57% <23.16%> (-0.95%)	⬇️
6.1-m6a.metal	82.79% <23.16%> (-1.02%)	⬇️
6.1-m6g.metal	79.43% <23.16%> (-1.20%)	⬇️
6.1-m6i.metal	83.56% <23.16%> (-0.95%)	⬇️
6.1-m7g.metal	79.44% <23.16%> (-1.19%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[alindima]

libseccomp provides better quality compiler for
bpf seccomp programs than our current implementation.

I'm curious, what does this mean? and how was this evaluated?

[roypat]

(just resolved merge conflict so there's a chance my approval will survive me going on vacation)