
Commit 114a033

ayushr2 authored and gvisor-bot committed
Only allow host openat(2) syscalls with O_NOFOLLOW with directfs.
Updates the directfs seccomp filters to ensure that all openat(2) host syscalls have the O_NOFOLLOW bit set. This would ensure that we don't follow a symlink in the host filesystem by mistake. The gofer client currently always uses O_NOFOLLOW, but this will help prevent any malicious usage of openat(2) if the sandbox is compromised somehow.

The container filesystem is well-isolated from the host filesystems using pivot_root(2), so following a host symlink from sandbox context should still not escape the container. But this provides an additional layer of security.

PiperOrigin-RevId: 523839219
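The commit message describes the rule at the level of gVisor's filter DSL. The following is an added example, not gVisor's code, showing the same constraint as a classic-BPF seccomp program: openat(2) is permitted only when O_NOFOLLOW is present in its flags argument, every other syscall is allowed, and a foreign ABI is killed. It assumes Linux on x86_64 or aarch64 and, for demonstration, returns EPERM on a violation instead of killing the process so the probe in `main` can print the outcome. A small interpreter (`bpf_run`) evaluates the program on constructed `seccomp_data` so the rule can be unit-tested without loading it; `install_filter` loads it for real.

```c
// Added example (not gVisor's code): seccomp filter that allows openat(2)
// only when O_NOFOLLOW is set, the BPF equivalent of
// seccomp.MaskedEqual(unix.O_NOFOLLOW, unix.O_NOFOLLOW) on the flags argument.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "unsupported architecture for this example"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Program layout (instruction index in brackets):
   [0-2] arch check: wrong ABI -> kill (blocks 32-bit compat syscalls)
   [3-4] syscall number: not openat -> allow
   [5-6] openat: load low 32 bits of args[2] (flags) and test O_NOFOLLOW.
         O_NOFOLLOW is a single bit on both ABIs, so JSET (flags & k != 0)
         is the same test as (flags & mask) == value with mask == value.
   [7]   allow   [8] deny with EPERM (demo choice; a kill action also works) */
static struct sock_filter prog[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_openat, 0, 2),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, O_NOFOLLOW, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
};
#define PROG_LEN (sizeof prog / sizeof prog[0])

/* Evaluate the program on one seccomp_data the way the kernel's classic-BPF
   engine would, for the instruction subset used above (LD ABS, JEQ, JSET,
   RET). Returns the seccomp action word. Anything unexpected -> kill. */
static uint32_t bpf_run(const struct sock_filter *p, size_t n,
                        const struct seccomp_data *d) {
    uint32_t A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *ins = &p[pc];
        switch (BPF_CLASS(ins->code)) {
        case BPF_LD: {
            uint32_t v; /* absolute 32-bit load from seccomp_data at offset k */
            memcpy(&v, (const uint8_t *)d + ins->k, sizeof v);
            A = v;
            break;
        }
        case BPF_JMP: /* target = pc + 1 + offset; the loop adds the 1 */
            if (BPF_OP(ins->code) == BPF_JEQ)
                pc += (A == ins->k) ? ins->jt : ins->jf;
            else if (BPF_OP(ins->code) == BPF_JSET)
                pc += (A & ins->k) ? ins->jt : ins->jf;
            else
                return SECCOMP_RET_KILL_PROCESS;
            break;
        case BPF_RET:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end */
}

/* Decide the action for syscall `nr` with flags in args[2] on a given ABI. */
uint32_t decide_on_arch(uint32_t arch, int nr, uint64_t flags) {
    struct seccomp_data d = { .nr = nr, .arch = arch };
    d.args[2] = flags;
    return bpf_run(prog, PROG_LEN, &d);
}

uint32_t decide(int nr, uint64_t flags) {
    return decide_on_arch(THIS_ARCH, nr, flags);
}

/* Load the filter into the calling thread. NO_NEW_PRIVS is required for an
   unprivileged process to install a seccomp filter. */
int install_filter(void) {
    struct sock_fprog fp = { .len = PROG_LEN, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

int main(void) {
    if (install_filter() != 0) { perror("seccomp install"); return 1; }
    int fd = openat(AT_FDCWD, "/etc/hostname", O_RDONLY);
    printf("openat without O_NOFOLLOW: %s\n", fd < 0 ? strerror(errno) : "allowed");
    if (fd >= 0) close(fd);
    fd = openat(AT_FDCWD, "/etc/hostname", O_RDONLY | O_NOFOLLOW);
    printf("openat with O_NOFOLLOW:    %s\n", fd < 0 ? strerror(errno) : "allowed");
    if (fd >= 0) close(fd);
    return 0;
}
```

Two things the program makes visible that the DSL line hides: the filter only reads the flags word, so it cannot see the pathname (seccomp never dereferences pointer arguments), and O_NOFOLLOW itself only refuses a symlink in the final path component. The rule therefore adds real protection only when the caller also opens one component at a time relative to a directory fd, which is what the `validFDCheck` on the first argument is there to support.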
1 parent f515471 commit 114a033

1 file changed

+1
-1
lines changed


runsc/boot/filter/config.go

+1-1
@@ -416,7 +416,7 @@ func hostFilesystemFilters() seccomp.SyscallRules {
416416
{
417417
validFDCheck,
418418
seccomp.MatchAny{},
419-
seccomp.MatchAny{},
419+
seccomp.MaskedEqual(unix.O_NOFOLLOW, unix.O_NOFOLLOW),
420420
seccomp.MatchAny{},
421421
},
422422
},
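Review bot: the `seccomp.MaskedEqual(unix.O_NOFOLLOW, unix.O_NOFOLLOW)` rule on the flags argument only guarantees that the bit is present, and O_NOFOLLOW refuses a symlink in the final path component only; since a seccomp rule cannot inspect the pathname argument (it is a pointer), an intermediate symlinked directory in a multi-component path would still be followed on the host. The commit message notes the gofer client always passes O_NOFOLLOW, so it would help to add a comment on this rule stating the property the filter actually relies on: single-component names opened relative to a directory fd (hence `validFDCheck` on the first argument). The other flag bits stay unconstrained (the remaining `seccomp.MatchAny{}` covers the mode argument only), so O_CREAT, O_PATH and friends remain permitted; if that is intended, a one-line comment saying so would save the next reader from wondering.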

0 commit comments
