Handle mount events/log entries without class

audit.log entries for mount events don't always include `class=mount`,
but can still be the base for mount rules.

Change logparser.py to also consider `operation=mount` as a mount event.

Actually we already had such a log and profile in our collection
(testcase_mount_01), but since it existed years before MountRule was
implemented, it was excluded in test-libapparmor-test_multi.py.
Therefore we didn't notice that it failed to produce a profile rule when
MountRule was introduced.

Remove testcase_mount_01 from the list of known failures so that it gets
tested - and fix the syntax error in the hand-written
testcase_mount_01.profile.

Also add testcase_mount_02 which is a mount event without fstype,
srcname and class.

utils/test/test-libapparmor-test_multi.py

@@ -153,8 +153,6 @@ log_to_skip = [
 
 # tests that do not produce the expected profile (checked with assertNotEqual)
 log_to_profile_known_failures = [
-    'testcase_mount_01',  # mount rules not yet supported in logparser
-
     'testcase_pivotroot_01',  # pivot_rot not yet supported in logparser
 
     # exec events
@@ -177,7 +175,6 @@ log_to_profile_skip = [
 # tests that cause an empty log
 log_to_profile_known_empty_log = [
     'change_onexec_lp1648143',  # change_onexec not supported in logparser.py yet (and the log is about "no new privs" error)
-    'testcase_mount_01',  # mount rules not supported in logparser
     'testcase_pivotroot_01',  # pivotroot not yet supported in logparser
     'ptrace_garbage_lp1689667_1',  # no denied= in log
     'ptrace_no_denied_mask',  # no denied= in log