profiles: add nautilus unconfined profile
Nautilus uses user namespaces to load thumbnails, hence it needs an unconfined profile when user namespaces are restricted from unconfined like other applications in MR #1123
Although nautilus has extensions that would allow opening a terminal from the nautilus interface, they do not inherit nautilus' AppArmor label, therefore the use of unconfined does not allow arbitrary use of unprivileged user namespaces using the nautilus label.
In addition this serves as a handle to uniquely identify them instead of unconfined to peers in policy.
Note that unconfined mode should be changed for default_allow when !1109 (merged) is merged.
Fixes: https://bugs.launchpad.net/bugs/2047256 Signed-off-by: Georgia Garcia georgia.garcia@canonical.com