
seccomp: allow 'rseq' syscall in default seccomp profile

Restartable Sequences (rseq) are a kernel-based mechanism for fast
update operations on per-core data in user-space. Some libraries, like
the newest version of Google's TCMalloc, depend on it [1].

This also makes Docker's default seccomp profile on par with systemd's,
which enabled 'rseq' in early 2019 [2].

1: https://google.github.io/tcmalloc/design.html
2: https://github.com/systemd/systemd/pull/12133/commits/6fee3be0b4929d5641bf1c850fce7884b6d1e44e

Signed-off-by: Florian Schmaus <flo@geekplace.eu>
Florian Schmaus 5 years ago
Parent
Commit
d0d99b04cf
2 files changed with 2 additions and 0 deletions
  1. profiles/seccomp/default.json (+1 -0)
  2. profiles/seccomp/seccomp_default.go (+1 -0)

+ 1 - 0
profiles/seccomp/default.json

@@ -262,6 +262,7 @@
 				"renameat2",
 				"restart_syscall",
 				"rmdir",
+				"rseq",
 				"rt_sigaction",
 				"rt_sigpending",
 				"rt_sigprocmask",
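Review bot: confirm that the rule this names list belongs to is the unconditional SCMP_ACT_ALLOW rule (its includes/excludes block is outside the hunk), since the entry is added with no arch or capability gate and will therefore be permitted in every container; that is appropriate for an unprivileged user-space helper as the commit message describes, but the message should also state which kernel version first provides rseq so readers know the entry is inert on older hosts where the syscall does not exist. The placement between "rmdir" and "rt_sigaction" keeps the list alphabetical.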

+ 1 - 0
profiles/seccomp/seccomp_default.go

@@ -255,6 +255,7 @@ func DefaultProfile() *types.Seccomp {
 				"renameat2",
 				"restart_syscall",
 				"rmdir",
+				"rseq",
 				"rt_sigaction",
 				"rt_sigpending",
 				"rt_sigprocmask",
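Review bot: the Go list and default.json are two copies of the same allow list and are updated in lockstep here, which is necessary; if this directory has a generator that writes default.json from DefaultProfile(), prefer regenerating the JSON over hand-editing both, and a unit test asserting that the checked-in JSON equals the marshalled DefaultProfile() would catch any future drift between the two. The entry is placed alphabetically, consistent with the surrounding names.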