Functional testing for AppArmor profile configuration errors

[emkll]

Description

As a continuation of https://github.com/freedomofpress/securedrop/issues/5646 , it would be helpful to detect AppArmor in an automated fashion (ideally in CI). There have been several instances of AppArmor errors slowing down QA/release cycles:

• https://github.com/freedomofpress/securedrop/issues/5703
• https://github.com/freedomofpress/securedrop/issues/5086
• https://github.com/freedomofpress/securedrop/issues/5031
• https://github.com/freedomofpress/securedrop/issues/4470
• https://github.com/freedomofpress/securedrop/issues/4161

Per https://github.com/freedomofpress/securedrop/issues/5703#issuecomment-760547103 , the existing testinfra tests will detect AppArmor errors, provided the functional tests have sufficient coverage of the codebase, running these functional tests and then running the testinfra suite may be sufficient here.

[eloquence]

We could do this as a nightly CI job, as part of staging-test-with-rebase or its own job. This would have caught an issue that was only detected early in the SD 2.3.0 QA cycle. Putting in near-term backlog per chat with Kev.

[zenmonkeykstop]

I think I either misremembered or misspoke - the functional tests do run in Tor Browser but they do not include functionality (that I can find) to run against a staging or prod instance. Going by the README in tests/functional, it did work at one stage.