This update for apparmor fixes the following issues:

AppArmor was updated to 2.10.4:

- parser: make sure cache write failure doesn't cause load failure
- parser: disable cache write on read-only filesystems
- add support for conditional includes ("include if exists")
- ignore "abi" rules in parser and tools (instead of erroring out)
- tools: fix writing alias and "link subset" rules
- remove group restriction in aa-notify (boo#1100779)
- ignore *.orig and *.rej files when loading profiles
- several bugfixes
- profile updates for samba (including boo#1092099), netstat, ntpd,
syslog-ng, mlmmj-sub, postalias and dovecot
- abstraction updates: audio, base, gnupg, kde, nameservice, nvidia,
php, python, ssl_certs/keys (add letsencrypt and dehydrated paths), X
- add vulkan, qtf and qt5-compose-cache abstractions
- tunables: add @{uid} and @{uids} kernel var placeholders

Please see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.10.4
for the detailed upstream changelog

Additional fixes:

- allow netconfig to write resolv.conf to /run with link to /etc (fate#325872, boo#1097370)
- fixed a parser crash on invalid abi rules
- adjust sssd paths in abstractions/nameservice