[apparmor] dynamic profiles

[John Johansen]

> 
> I wasn't clear. I was not saying that no leading '/' automatically means
> it is dynamic, but rather that we can document how to do dynamic
> profiles (perhaps giving direction, if warranted), and if they are done
> in the same manner as libvirt, we could consider them dynamic. I forgot
> about the 'px ->' case anyway, so it doesn't matter and I agree we
> should look at other options.
> 
Ah, okay I definitely didn't get that out of it.

Funny thing is using '/' to distinguish which profiles to auto remove
should work as a stop gap solution.  Like I said worse case scenario
is some profiles don't get removed, but they won't auto attach.