mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00

Allow access to possible cpus for glibc-2.36

Glibc in 2.36 and later will [1] access sysfs at
/sys/devices/system/cpu/possible when using sysconf
for _SC_NPROCESSORS_CONF.

That will make a lot of different code, for example
anything linked against libnuma, trigger this apparmor
denial.

  apparmor="DENIED" operation="open" class="file" ...
  name="/sys/devices/system/cpu/possible" ...
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This entry seems rather safe, and it follows others
that are already in place. Instead of fixing each
software individually this should go into the base
profile as well.

Initially reported via
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/267
MR: none - ML
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit c159d0925a2c016a39c27b9c6587d9c41114fdf9)
Signed-off-by: John Johansen <john.johansen@canonical.com>
Christian Ehrhardt 2022-11-14 17:24:42 +01:00 committed by John Johansen
parent 5700ff9e40
commit f8286feada


@ -94,6 +94,7 @@
@{PROC}/cpuinfo r,
@{sys}/devices/system/cpu/ r,
@{sys}/devices/system/cpu/online r,
@{sys}/devices/system/cpu/possible r,
# glibc's *printf protections read the maps file
@{PROC}/@{pid}/{maps,auxv,status} r,
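Review bot: the new "@{sys}/devices/system/cpu/possible r," rule has no comment saying why the base abstraction needs it, while the rule right after it is documented ("# glibc's *printf protections read the maps file"). Suggest a one-line comment above the new rule noting that glibc 2.36 and later read this file from sysconf for _SC_NPROCESSORS_CONF, so the reason stays visible in the profile and not only in the commit message. The grant itself is read-only and sits next to the existing "cpu/online r," rule, so its scope matches what is already allowed here.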