Add that `/var/run` or subpaths cannot be exposed when symlinked on host

[bbhtt]

Flatpak internally sets up a /var/run to /run symlink https://github.com/flatpak/flatpak/blob/fd1b7e444016d1b44bdab7cb5642b0ac83bd4b9e/common/flatpak-run.c#L2281. If it is symlinked on host too, when using --filesystem=var/run/subpath bwrap gets called twice to create the same symlink and the second one will fail.

See also https://github.com/containers/bubblewrap/commit/4109d59251fdb0800cf7e742791ba2b35a1f0f25