Merge profiles: fusermount3 profile fixes for libfuse 3.17

After an upgrade to libfuse 3.17.1-rc0, autopkgtests started to fail
due to a missing x permission for /usr/bin/mount. After looking at the
source code for fusermount, I noticed that it does call /bin/mount and
/bin/umount in certain cases. These uses were already there in
previous versions of libfuse but I'm still not sure why it hasn't
triggered before.

To reproduce it:
```
sudo autopkgtest-buildvm-ubuntu-cloud -v -r questing
autopkgtest archivemount -U --apt-pocket=proposed=src:fuse3 --shell-fail -- qemu autopkgtest-questing-amd64.img
```

After the test fails, enter the vm by
```
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 10022 ubuntu@localhost
```

You can reproduce the test by running
```
cd /tmp/autopkgtest.*/build.*/src/
/tmp/autopkgtest.*/build.*/src/debian/tests/test
```

Note that ix for mount and umount were enough to make the autopkgtest
failures to start passing, but there could be issues in the future
regarding the use of fs specific mount binaries like
/usr/sbin/mount.fuse


Fixes: http://bugs.launchpad.net/bugs/2111845
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1716
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>

profiles/apparmor.d/fusermount3

@@ -32,10 +32,18 @@ profile fusermount3 /usr/bin/fusermount3 {
   mount fstype=fuse.revokefs-fuse options=(nosuid,nodev,rw) revokefs-fuse -> /var/tmp/flatpak-cache-*/**/,
   umount /var/tmp/flatpak-cache-*/**/,
 
+  # flatpak-builder uses rofiles-fuse
+  mount fstype=fuse.rofiles-fuse options=(nosuid,nodev,rw) {rofiles-fuse,/dev/fuse} -> /var/tmp/test-flatpak-*/**/,
+  umount /var/tmp/test-flatpak-*/**/,
+
   /dev/fuse rw,
 
+  # needed since libfuse 3.17.1-rc0 (LP: #2111845)
+  /usr/bin/mount ix,
+  /usr/bin/umount ix,
+
   @{etc_ro}/fuse.conf r,
-  @{PROC}/@{pid}/mounts r,
+  @{PROC}/@{pid}/{mounts,mountinfo} r,
 
   @{exec_path} mr,