Configure AppArmor if needed

[amdw]

In around October 2024, my GitHub Actions builds involving Selenium tests using Chrome as installed by this action started failing, with an error like the following:

selenium.common.exceptions.SessionNotCreatedException: Message: session not created: Chrome failed to start: exited normally.
  (session not created: DevToolsActivePort file doesn't exist)
  (The process started from chrome location /opt/hostedtoolcache/setup-chrome/chromium/stable/x64/chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)

Based on conversations with Chromium developers in https://issues.chromium.org/issues/42323434#comment62 and onwards, it was demonstrated that the problem was caused by an AppArmor kernel module. Adding a step to the GitHub Actions build to disable this module was sufficient to fix the tests.

A repro for this problem may be found at https://github.com/amdw/selenium-repro. The main branch has the fix based on the workaround, while the pull request https://github.com/amdw/selenium-repro/pull/12 shows the failure.

The problem, along with a range of possible workarounds, is described in more detail here:

https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md

This was very confusing to debug. While the Chromium developer agreed to improve the Chrome error message here, I still think it would be great if this action could detect when AppArmor could create problems for the version of Chrome just installed, and apply a suitable workaround.

Even if this problem could be documented in the README, and an option provided to enable this behaviour on an opt-in basis, I believe it would be a considerable usability improvement.

Since the problem affects the ubuntu-latest image which must surely be one of the most widely used on the GitHub Actions platform, I believe this feature would help a great many users.

Many thanks!