
[3.x] Update samba profiles

Christian Boltz requested to merge cboltz/apparmor:cboltz-samba-3.x into apparmor-3.1

samba-dcerpcd requires access to /var/cache/samba/names.tdb.

audit: type=1400 audit(1676835286.187:62): apparmor="DENIED" operation="open" profile="samba-dcerpcd" name="/var/cache/samba/names.tdb" pid=6948 comm="samba-dcerpcd" requested_mask="wrc" denied_mask="wrc" fsuid=0 ouid=0

See also https://bbs.archlinux.org/viewtopic.php?id=281411

Since usr.sbin.winbindd already has a rule for it, and usr.sbin.nmbd has similar ones, simply add /var/cache/samba/*.tdb rwk to abstractions/samba.

(cherry picked from commit 763c4ecd, with cleanup of now-superfluous rules in usr.sbin.nmbd and usr.sbin.winbindd dropped)

Also allow access to samba pid files directly in /run/

This is a backport of !987 (merged), with the cleanup of now-superfluous rules removed.

I propose this patch for 3.x (also for 2.13 if it cleanly applies)
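The denial quoted above, checked against the proposed abstraction rule, as an added example that is not part of the merge request or the AppArmor code base. The function names are hypothetical, and the glob handling covers only `*`, `**` and `?`, which is a simplification of AppArmor's full pattern syntax.

```python
import re

# Audit record quoted in the merge request description.
AUDIT_LINE = (
    'audit: type=1400 audit(1676835286.187:62): apparmor="DENIED" '
    'operation="open" profile="samba-dcerpcd" '
    'name="/var/cache/samba/names.tdb" pid=6948 comm="samba-dcerpcd" '
    'requested_mask="wrc" denied_mask="wrc" fsuid=0 ouid=0'
)

# Audit mask letter -> profile permission letter. Create (c) and delete (d)
# appear in logs but are granted by "w" in profile syntax.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m", "x": "x"}

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        if val.startswith('"'):
            val = val[1:-1]
        elif key == "name":
            # The audit subsystem hex-encodes names it cannot quote safely.
            val = bytes.fromhex(val).decode()
        fields[key] = val
    return fields if fields.get("apparmor") == "DENIED" else None

def glob_to_regex(glob):
    """Translate a path glob: '*' and '?' stop at '/', '**' crosses it."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] in "*?":
            out, i = out + ("[^/]*" if glob[i] == "*" else "[^/]"), i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out)

def rule_covers(rule, denial):
    """True if a file rule such as '/path/*.tdb rwk,' permits the denied access."""
    path_glob, perms = rule.rstrip(",").split()
    granted = set(perms) | ({"a"} if "w" in perms else set())  # w implies append
    needed = {MASK_TO_PERM[m] for m in denial["denied_mask"]}
    return bool(glob_to_regex(path_glob).fullmatch(denial["name"])) and needed <= granted

if __name__ == "__main__":
    d = parse_denial(AUDIT_LINE)
    print(d["profile"], d["name"], rule_covers("/var/cache/samba/*.tdb rwk,", d))
```
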
