Introduce 'final_name' to hashlog and handle exec choices

'final_name' by default is the profile name, but ask_exec() will change
it for the target profile (which is a null-* profile at this stage)
based on exec mode choice. ask_addhat() will also change it based on the
chosen hat.

Choosing "deny" or "unconfined" will result in an empty final_name and
ignoring these log events.

All other choices set final_name to the full profile name ("foo" for Px,
"foo//bar" for Cx, current profile for ix).

Also fix the order of handling log events - since ask_exec() changes the
hashlog final_name, it has to run first so that ask_addhat() (which
"only" adjusts the hat name in final_name) and handle_hashlog() can work
with the updated profile name.

Finally, update test-libapparmor-test_multi.py to ignore final_name when
checking if hashlog is empty, and fix the call order of ask_exec() etc.

utils/test/test-libapparmor-test_multi.py

@@ -237,9 +237,9 @@ def logfile_to_profile(logfile):
     log_reader = ReadLog(logfile, apparmor.aa.active_profiles, '')
     hashlog = log_reader.read_log('')
 
-    apparmor.aa.handle_hashlog(hashlog)
     apparmor.aa.ask_exec(hashlog)
     apparmor.aa.ask_addhat(hashlog)
+    apparmor.aa.handle_hashlog(hashlog)
 
     log_dict = apparmor.aa.collapse_log()
 
@@ -261,6 +261,8 @@ def logfile_to_profile(logfile):
     for tmpaamode in hashlog:
         for tmpprofile in hashlog[tmpaamode]:
             for tmpruletype in hashlog[tmpaamode][tmpprofile]:
+                if tmpruletype == 'final_name' and hashlog[tmpaamode][tmpprofile]['final_name'] == tmpprofile:
+                    continue  # final_name is a copy of the profile name (may be changed by ask_exec(), but that won't happen in this test)
                 if hashlog[tmpaamode][tmpprofile][tmpruletype]:
                     log_is_empty = False