Fix bubblewrap

On some machines (like mine), `/proc` has to be mounted.  Also, since
sandboxing with bubblewrap is best effort and assumes that an attacker doesn't
have control outside of the file to clean, it's safe to __try__ to enable some
bubblewrap features, and to silently fail otherwise.
10 jobs for master in 13 minutes and 30 seconds (queued for 1 second)
Status Job ID Name Coverage
  Linting
passed #109213
linting:bandit

00:00:23

passed #109214
linting:codespell

00:00:21

passed #109217
linting:mypy

00:00:21

passed #109216
linting:pyflakes

00:00:20

passed #109215
linting:pylint

00:00:31

 
  Test
passed #109218
tests:archlinux

00:01:40

passed #109219
tests:debian

00:02:08

passed #109220
tests:debian_with_bubblewrap

00:03:00

100.0%
passed #109221
tests:fedora

00:03:03

passed #109222
tests:gentoo

00:08:13