parser: add special casing for detached move mounts

upsteam move_mount mediation now allows for a detached (disconnected)
mount to be move mounted into a namespace.

Add support for this by detecting 'detached' as a keyword for the
source/device and using it to create a null match. Because existing
mount encoding using a null separator between the mount terms null
match followed by the null seperator will separate detached mounts
within the existing encoding.

Eg.
  mount detached -> /destination,
  mount options=(ro) fstype=ext4 detached -> /destination,

This is functionally equivalent to using

  mount "" -> /destination,

However using "" does not provide any context that about what the rule is allowing or why so the 'detached' form is preferred.

This is not a perfect solution, but is what can be currently supported
by the kernel without more LSM hooks.

On kernels that don't support detached mount detection, rules using
the detached souce conditional will be ignored (never matched).

This encoding also allows the existing

  mount,
  mount options=(move),
  mount options=(move) -> /destination,

to continue to work with both detached and regular mounts on kernels
that support the move_mount() syscall.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit fa0746f2e2)
Signed-off-by: John Johansen <john.johansen@canonical.com>

parser/parser_common.c

@@ -73,6 +73,7 @@ int features_supports_inet = 0; 	/* kernel supports inet network rules */
 int features_supports_unix = 0;		/* kernel supports unix socket rules */
 int kernel_supports_policydb = 0;	/* kernel supports new policydb */
 int features_supports_mount = 0;	/* kernel supports mount rules */
+bool features_supports_detached_mount = false;
 int features_supports_dbus = 0;		/* kernel supports dbus rules */
 int kernel_supports_diff_encode = 0;	/* kernel supports diff_encode */
 int features_supports_signal = 0;	/* kernel supports signal rules */