mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00

Fix and simplify setting SFS_MOUNTPOINT

Instead of setting SFS_MOUNTPOINT in is_apparmor_loaded() (which is
called in most cases) and in is_container_with_internal_policy() (which
covers/fixes the remaining cases), set it globally.

This also fixes a bug in is_container_with_internal_policy() (introduced
in f10e72a14f) where the variable
definition tried to use the no longer existing $MODULE variable and
therefore got a wrong path for $SFS_MOUNTPOINT.

Besides this bug, there's a minor behaviour change / improvement if
securityfs isn't mounted - "file not found" error messages will now
contain the full/correct path ;-)

This change/cleanup is a follow-up of
https://gitlab.com/apparmor/apparmor/merge_requests/363 and some IRC
discussions 2019-04-16.
Christian Boltz
2019-06-21 19:22:15 +02:00
parent a45d2c9dcd
commit 61c27d8808

@@ -49,6 +49,7 @@ if [ -d "$ADDITIONAL_PROFILE_DIR" ]; then
fi
AA_STATUS=/usr/sbin/aa-status
SECURITYFS=/sys/kernel/security
SFS_MOUNTPOINT="${SECURITYFS}/apparmor"
# keep exit status from parser during profile load. 0 is good, 1 is bad
STATUS=0
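Review bot: The new global `SFS_MOUNTPOINT="${SECURITYFS}/apparmor"` is expanded once, when this file is sourced, so a caller that changes SECURITYFS afterwards keeps the old path. A one-line comment above the assignment, stating that this is the single definition used by is_apparmor_loaded() and is_container_with_internal_policy() and that SECURITYFS must be final at this point, would document that dependency.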
@@ -81,7 +82,6 @@ is_apparmor_present() {
is_container_with_internal_policy() {
# this function is sometimes called independently of
# is_apparmor_loaded(), so also define this here.
SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
local ns_stacked
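Review bot: Stale comment at the top of is_container_with_internal_policy(): the hunk header goes from 7 lines to 6, so only the assignment `SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"` is dropped, and the two-line comment ending "so also define this here." stays behind with nothing defined after it. Remove the comment together with the assignment, or reword it to point at the global definition near SECURITYFS.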
@@ -264,8 +264,7 @@ is_apparmor_loaded() {
mount_securityfs
fi
if [ -f "$SECURITYFS/apparmor/profiles" ]; then
SFS_MOUNTPOINT="$SECURITYFS/apparmor"
if [ -f "${SFS_MOUNTPOINT}/profiles" ]; then
return 0
fi
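Review bot: In is_apparmor_loaded(), the test `[ -f "${SFS_MOUNTPOINT}/profiles" ]` now depends entirely on the global assignment; if the variable is ever empty or unset in the calling context, the check quietly becomes a test for `/profiles` instead of failing visibly. Consider `"${SFS_MOUNTPOINT:?}/profiles"` here, or an explicit emptiness check before the test, so a missing definition is reported rather than read as "AppArmor not loaded".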