
Fix torrc renaming with hardened AppArmor policy

On current bugfix/8007-AppArmor-hardening, some use cases that require Tor Launcher (and in turn, that need to rename torrc and replace it) fail, as shown by failures in bridge mode in time_syncing.feature.

Preliminary analysis:

  • there’s no AppArmor denial log in dmesg; but it works just fine both if AppArmor is disabled, and when adding flags=(complain) to the system_tor profile; weird
  • in some cases (e.g. bridge mode with a correct clock), failure to rename torrc is not fatal: tor is still successfully configured via the control port, and can thus bootstrap — but if tor is restarted, e.g. because of a wrong clock, then it can’t bootstrap since torrc still has DisableNetwork 1 and lacks the PTs configuration

It might have something to do with the weird AppArmor userspace (with WIP patches for improved alias support) we’re shipping in Tails/Wheezy => could be worth retrying in Tails/Jessie, or in Tails/Wheezy with Jessie’s AppArmor userspace backported for Wheezy.
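Two checks that help narrow down the "works in complain mode but no denial in dmesg" symptom, written here as an added example (not part of the original ticket or of the Tails AppArmor profile): a small parser that counts and lists AppArmor DENIED/ALLOWED entries per profile from kernel log lines, and a reproduction of the write-then-rename pattern Tor Launcher uses when it replaces torrc, run in a scratch directory. The log lines are constructed samples, and the profile names other than system_tor are hypothetical. Two AppArmor behaviours matter when reading the result: explicit `deny` rules in a profile are quiet by default and produce no log entry unless written as `audit deny`, and when auditd is running the messages land in /var/log/audit/audit.log rather than in dmesg, so an empty dmesg does not by itself rule out a profile denial.

```shell
#!/bin/sh
# Constructed sample of AppArmor audit messages in dmesg format (not taken from the Tails issue).
SAMPLE_DMESG='[  512.101] audit: type=1400 audit(1400000000.100:20): apparmor="DENIED" operation="rename_dest" profile="system_tor" name="/etc/tor/torrc" pid=1234 comm="tor" requested_mask="wc" denied_mask="wc" fsuid=106 ouid=106
[  512.102] audit: type=1400 audit(1400000000.101:21): apparmor="ALLOWED" operation="open" profile="system_tor" name="/var/lib/tor/state" pid=1234 comm="tor" requested_mask="w" denied_mask="w" fsuid=106 ouid=106
[  512.103] audit: type=1400 audit(1400000000.102:22): apparmor="DENIED" operation="rename_src" profile="system_tor" name="/etc/tor/torrc.tmp" pid=1234 comm="tor" requested_mask="wc" denied_mask="wc" fsuid=106 ouid=106
[  512.104] audit: type=1400 audit(1400000000.103:23): apparmor="DENIED" operation="open" profile="other_prof" name="/etc/passwd" pid=999 comm="x" requested_mask="w" denied_mask="w" fsuid=0 ouid=0'

# Count log lines of one kind (DENIED or ALLOWED) for one profile.
# $1 = apparmor result keyword, $2 = profile name. Prints the count.
apparmor_count() {
  printf '%s\n' "$SAMPLE_DMESG" |
    awk -v kind="apparmor=\"$1\"" -v prof="profile=\"$2\"" \
        'index($0, kind) && index($0, prof) { n++ } END { print n + 0 }'
}

# Print the paths (the name="..." field) that were denied for one profile, one per line.
apparmor_denied_paths() {
  printf '%s\n' "$SAMPLE_DMESG" |
    awk -v prof="profile=\"$1\"" '
      /apparmor="DENIED"/ && index($0, prof) {
        # strip the leading name=" (6 chars) and the trailing quote
        if (match($0, /name="[^"]*"/)) print substr($0, RSTART + 6, RLENGTH - 7)
      }'
}

# Reproduce the torrc replacement pattern under a scratch directory: write the new
# configuration to a temporary file next to torrc, then rename it over torrc.
# Prints the resulting torrc; returns non-zero if the rename step failed.
replace_torrc() {
  dir=$(mktemp -d) || return 1
  printf 'DisableNetwork 1\n' > "$dir/torrc"
  printf 'DisableNetwork 0\nUseBridges 1\n' > "$dir/torrc.tmp"
  if mv -f "$dir/torrc.tmp" "$dir/torrc" 2>/dev/null; then
    cat "$dir/torrc"
    rm -rf "$dir"
    return 0
  fi
  rm -rf "$dir"
  return 1
}
```

On a live system, replace SAMPLE_DMESG with `dmesg` output (or the audit log when auditd is active) and run replace_torrc with the scratch directory pointed at the real torrc location under the confined process; a failing rename with zero DENIED lines for system_tor points at a quiet `deny` rule or at logging going elsewhere, while ALLOWED lines show what the profile would have blocked had it not been in complain mode.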

Feature Branch: bugfix/8007-AppArmor-hardening

Parent Task: #9756 (closed)

Original created by @intrigeri on 9537 (Redmine)
