Commit
The profile is now based on the Docker default profile[0] as of this commit[1]. This is intended to resolve issues where newer container images crashed using the previous profile due to issues like `clone3` not being supported properly (which had been fixed upstream[2]). Most likely, we will need to continue manually updating this profile in the future to avoid similar incompatibility issues.

Initially, I tried seeing whether we could retrieve the default profile directly from the Docker package and apply our desired changes on top, but this is not possible while retaining OS cross-compatibility, since the file that exports the default profile is only compiled on Linux[3]. So, we'll most likely have to keep regenerating this file by hand from time to time.

I've started a practice of adding a "cmgr: " comment to our customizations (inspired by this[4] upstream commit, which was later reverted[5], possibly by accident?). If we continue this policy, then the process of updating this file can be as simple as:

1. Retrieving the latest upstream default seccomp profile[0]
2. Merging in any statements with "cmgr: " comments from the existing file
3. Replacing the file with the new version

Currently, the only customizations are to allow any combination of the UNAME26, ADDR_NO_RANDOMIZE, and PER_LINUX32 flags to the personality() syscall.

[0]: https://github.com/moby/moby/blob/master/profiles/seccomp/default.json
[1]: moby/moby@891241e
[2]: moby/moby@9f6b562
[3]: https://github.com/moby/moby/blob/master/profiles/seccomp/seccomp_linux.go
[4]: ArmyCyberInstitute@9f7c686
[5]: ArmyCyberInstitute@bbae80d
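The three-step update described in the commit message above can be scripted. The following is an added sketch, not part of the commit or the project's code. It assumes each customization is a rule in the profile's `syscalls` array whose `comment` field starts with "cmgr: "; the function names and both sample profiles are constructed for illustration.

```python
import copy
import json

TAG = "cmgr: "  # prefix the commit message uses to mark local customizations

def is_custom(rule):
    """True when a syscall rule's comment carries the customization tag."""
    return str(rule.get("comment", "")).startswith(TAG)

def rule_key(rule):
    """Canonical form of a rule without its comment, for duplicate detection."""
    return json.dumps({k: v for k, v in rule.items() if k != "comment"}, sort_keys=True)

def merge_customizations(upstream, existing):
    """Copy `upstream` and append tagged rules from `existing` it does not already have."""
    merged = copy.deepcopy(upstream)
    seen = {rule_key(r) for r in merged["syscalls"]}
    for rule in existing.get("syscalls", []):
        if is_custom(rule) and rule_key(rule) not in seen:
            merged["syscalls"].append(copy.deepcopy(rule))
            seen.add(rule_key(rule))
    return merged

def personality(value, comment=""):
    """Constructed sample rule allowing personality() with one exact argument value."""
    return {"names": ["personality"], "action": "SCMP_ACT_ALLOW", "comment": comment,
            "args": [{"index": 0, "value": value, "op": "SCMP_CMP_EQ"}]}

# Constructed sample data, not the real profiles.
# Flag values from linux/personality.h: PER_LINUX32=0x0008,
# UNAME26=0x0020000, ADDR_NO_RANDOMIZE=0x0040000.
EXISTING = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write"], "action": "SCMP_ACT_ALLOW", "comment": ""},
    personality(0x0008, "cmgr: PER_LINUX32"),
    personality(0x0040000, "cmgr: ADDR_NO_RANDOMIZE"),
    personality(0x0020000 | 0x0040000, "cmgr: UNAME26|ADDR_NO_RANDOMIZE"),
]}
UPSTREAM = {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [
    {"names": ["read", "write", "clone3"], "action": "SCMP_ACT_ALLOW", "comment": ""},
    personality(0x0008),
]}

if __name__ == "__main__":
    print(json.dumps(merge_customizations(UPSTREAM, EXISTING), indent=2))
```

A tagged rule that upstream already allows is skipped rather than duplicated, so the merged file carries only the rules that still differ from the default, which keeps the later diff against upstream small enough to review by eye.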