fix(apparmor): Fix font-related denies on openSUSE

Add file rules to fix numerous AppArmor denies related to fonts.

security/apparmor/2.12.1/usr.bin.qtox

@@ -226,6 +226,10 @@ profile qtox /usr{,/local}/bin/qtox {
   # so we deny this path to protect from loading exploits from /tmp.
   deny /tmp/#[0-9][0-9][0-9][0-9][0-9] m,
 
+  # libfontconfig bug? Should not write to root-owned dirs.
+  deny /usr/share/fonts/** w,
+  deny /var/cache/fontconfig/ w,
+
   # System files
 
   /usr/share/hunspell/* r,
@@ -276,6 +280,7 @@ profile qtox /usr{,/local}/bin/qtox {
   owner /{,var/}run/user/[0-9]*[0-9]/qTox*.slave-socket rwl -> /{,var/}run/user/[0-9]*[0-9]/#[0-9]*[0-9], # file dialog
   owner @{HOME}/.cache/Tox/ w,
   owner @{HOME}/.cache/Tox/qTox/{,**} rw,
+  owner @{HOME}/.cache/fontconfig/** rwk,
   owner @{HOME}/.cache/qTox/{,**} rw,
   owner @{HOME}/.cache/thumbnails/** rw, # receiving image file produces thumbnail?
   owner @{HOME}/.config/menus/ r, # file dialog
@@ -285,6 +290,9 @@ profile qtox /usr{,/local}/bin/qtox {
   owner @{HOME}/.config/qToxrc.lock rwk,
   owner @{HOME}/.config/tox/** l -> @{HOME}/.config/tox/**, # QSaveFile?
   owner @{HOME}/.config/tox/{,**} rwk,
+  owner @{HOME}/.fonts/.uuid* rw,
+  owner @{HOME}/.fonts/.uuid.* l -> @{HOME}/.fonts/.uuid.*,
+  owner @{HOME}/.fonts/.uuid.*/ rw,
   owner @{HOME}/.local/share/qTox/{,**} rw,
   owner @{HOME}/.local/share/user-places.xbel r, # file dialog
   owner @{PROC}/@{pid}/cmdline r,

security/apparmor/2.13.2/usr.bin.qtox

@@ -233,6 +233,10 @@ profile qtox /usr{,/local}/bin/qtox {
   # so we deny this path to protect from loading exploits from /tmp.
   deny /tmp/#[0-9][0-9][0-9][0-9][0-9] m,
 
+  # libfontconfig bug? Should not write to root-owned dirs.
+  deny /usr/share/fonts/** w,
+  deny /var/cache/fontconfig/ w,
+
   # System files
 
   /usr/share/hunspell/* r,
@@ -283,6 +287,7 @@ profile qtox /usr{,/local}/bin/qtox {
   owner /{,var/}run/user/@{uid}/qTox*.slave-socket rwl -> /{,var/}run/user/@{uid}/#[0-9]*[0-9], # file dialog
   owner @{HOME}/.cache/Tox/ w,
   owner @{HOME}/.cache/Tox/qTox/{,**} rw,
+  owner @{HOME}/.cache/fontconfig/** rwk,
   owner @{HOME}/.cache/qTox/{,**} rw,
   owner @{HOME}/.cache/thumbnails/** rw, # receiving image file produces thumbnail?
   owner @{HOME}/.config/menus/ r, # file dialog
@@ -292,6 +297,9 @@ profile qtox /usr{,/local}/bin/qtox {
   owner @{HOME}/.config/qToxrc.lock rwk,
   owner @{HOME}/.config/tox/** l -> @{HOME}/.config/tox/**, # QSaveFile?
   owner @{HOME}/.config/tox/{,**} rwk,
+  owner @{HOME}/.fonts/.uuid* rw,
+  owner @{HOME}/.fonts/.uuid.* l -> @{HOME}/.fonts/.uuid.*,
+  owner @{HOME}/.fonts/.uuid.*/ rw,
   owner @{HOME}/.local/share/qTox/{,**} rw,
   owner @{HOME}/.local/share/user-places.xbel r, # file dialog
   owner @{PROC}/@{pid}/cmdline r,