Make ioctl rule and interactive setuid optional.
The key modification here is to remove support for 'setuid' downscoping in cases where an interactive terminal is found. This allows us to make more restrictive seccomp rules optional and avoid impacting our primary supported workflows (gitlab-runner -> jacamar-auth manage via systemd).
Edited by Paul Bryant