Ship a pre-compiled AppArmor binary cache

Context: decreasing Tails startup time significantly would help us achieve our “Make it easier to switch between a Tails contextual identity and another identity outside of Tails” strategic planning goal.

One of the main reasons why Tails takes so long to start, especially on systems with few and/or not super fast CPU cores, is that we compile the AppArmor policy during every single boot. This is kinda dumb given this compilation will produce the same result every time, which should make any engineer immediately suggest “well, let’s cache this, mayyyyybe?”.

Caching the resulting pre-compiled policy was not straightforward until Stretch, inclusive. But all the pieces we need to do that are finally in place in Buster so we can finally do that! :)

Blueprint: https://tails.boum.org/contribute/design/application_isolation/#pre-compiled-AppArmor-policy

Feature Branch: feature/16138-pre-compiled-AppArmor-cache-buster

Related issues

Related to #16393 (closed)
Has duplicate #10120 (closed)
Blocked by #16390 (closed)

Original created by @intrigeri on 16138 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information