Handle mount events/log entries without class

audit.log entries for mount events don't always include class=mount, but can still be the base for mount rules.

Change logparser.py to also consider operation=mount as a mount event.

Actually we already had such a log and profile in our collection (testcase_mount_01), but since it existed years before MountRule was implemented, it was excluded in test-libapparmor-test_multi.py. Therefore we didn't notice that it failed to produce a profile rule when MountRule was introduced.

Remove testcase_mount_01 from the list of known failures so that it gets tested - and fix the syntax error in the hand-written testcase_mount_01.profile.

Also add testcase_mount_02 which is a mount event without fstype, srcname and class.

I propose this fix for 4.0 and master.