seccomp: do not build default seccomp policy in debug builds #5052

Merged
merged 3 commits into from
Mar 3, 2025

Conversation

@Manciukic Manciukic commented Feb 26, 2025

Changes

This patch changes the default seccomp policy in debug builds to empty.

Reason

Rust 1.80.0 added a debug assertion that uses fcntl(F_GETFD) to ensure
the fd is still valid when it gets dropped, which broke debug builds of
firecracker.

This made us rethink on whether we'd want any default seccomp policy in
debug builds, and we decided that in most cases we don't need them and
in some cases they get in the way of prototyping and debugging.

Areas of focus

  • should I mention this in the changelog? we technically broke and fixed in the same release.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • [x][N/A] If a specific issue led to this PR, this PR closes the issue.
  • [x][N/A] When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • [x][N/A] I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • [x][N/A] I have linked an issue to every new TODO.

  • This functionality cannot be added in rust-vmm.
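
The failure mode described in this PR, as an added example that is not part of the original thread or of Firecracker's code: a toy model of a default-deny allowlist in which a syscall newly issued by the toolchain (the `fcntl(F_GETFD)` check on fd drop) is trapped, while a build with no default policy is unaffected. The rule set and the names `Rule`, `evaluate`, `strict_policy`, `drop_fd_trace` and `first_trapped` are constructed for illustration; `None` stands for a build with no default policy.

```rust
// Added illustration: a toy model of default-deny seccomp allowlist evaluation.
// The rules are constructed for this example; they are not Firecracker's policy.
const F_GETFD: u64 = 1; // Linux fcntl command values
const F_SETFD: u64 = 2;

#[derive(Debug, PartialEq, Clone, Copy)]
enum Action { Allow, Trap }

/// One allowlist entry: syscall name plus (argument index, required value) checks.
struct Rule { syscall: &'static str, arg_eq: &'static [(usize, u64)] }

/// `None` models a build with no default policy (no filter installed).
/// With a policy, any syscall that no rule matches is trapped.
fn evaluate(policy: Option<&[Rule]>, syscall: &str, args: &[u64]) -> Action {
    let Some(rules) = policy else { return Action::Allow };
    let hit = rules.iter().any(|r| {
        r.syscall == syscall && r.arg_eq.iter().all(|&(i, v)| args.get(i) == Some(&v))
    });
    if hit { Action::Allow } else { Action::Trap }
}

/// Constructed strict allowlist: fcntl is permitted only with cmd == F_SETFD.
fn strict_policy() -> Vec<Rule> {
    vec![
        Rule { syscall: "close", arg_eq: &[] },
        Rule { syscall: "fcntl", arg_eq: &[(1, F_SETFD)] },
    ]
}

/// Modelled syscalls when an fd is dropped; with debug assertions on, the
/// fcntl(F_GETFD) validity check runs before close.
fn drop_fd_trace(fd: u64, debug_assertions: bool) -> Vec<(&'static str, Vec<u64>)> {
    let mut trace = Vec::new();
    if debug_assertions { trace.push(("fcntl", vec![fd, F_GETFD])); }
    trace.push(("close", vec![fd]));
    trace
}

/// First syscall in the trace that the policy would trap, if any.
fn first_trapped(policy: Option<&[Rule]>, trace: &[(&'static str, Vec<u64>)]) -> Option<&'static str> {
    trace.iter().find(|(s, a)| evaluate(policy, s, a) == Action::Trap).map(|(s, _)| *s)
}

fn main() {
    let strict = strict_policy();
    println!("release drop: {:?}", first_trapped(Some(&strict[..]), &drop_fd_trace(3, false)));
    println!("debug drop:   {:?}", first_trapped(Some(&strict[..]), &drop_fd_trace(3, true)));
    println!("no policy:    {:?}", first_trapped(None, &drop_fd_trace(3, true)));
}
```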


codecov bot commented Feb 26, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.19%. Comparing base (a8f38cb) to head (9f307ae).
Report is 3 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5052   +/-   ##
=======================================
  Coverage   83.19%   83.19%           
=======================================
  Files         247      247           
  Lines       26641    26641           
=======================================
  Hits        22163    22163           
  Misses       4478     4478           
Flag Coverage Δ
5.10-c5n.metal 83.67% <ø> (ø)
5.10-m5n.metal 83.66% <ø> (+<0.01%) ⬆️
5.10-m6a.metal 82.86% <ø> (+<0.01%) ⬆️
5.10-m6g.metal 79.66% <ø> (ø)
5.10-m6i.metal 83.64% <ø> (-0.01%) ⬇️
5.10-m7g.metal 79.66% <ø> (ø)
6.1-c5n.metal 83.67% <ø> (+<0.01%) ⬆️
6.1-m5n.metal 83.65% <ø> (ø)
6.1-m6a.metal 82.86% <ø> (ø)
6.1-m6g.metal 79.66% <ø> (ø)
6.1-m6i.metal 83.64% <ø> (-0.01%) ⬇️
6.1-m7g.metal 79.61% <ø> (-0.06%) ⬇️


Rust 1.80.0 added a debug assertion that uses fcntl(F_GETFD) to ensure
the fd is still valid when it gets dropped, which broke debug builds of
firecracker.

This made us rethink on whether we'd want any default seccomp policy in
debug builds, and we decided that in most cases we don't need them and
in some cases they get in the way of prototyping and debugging.

This patch changes the default seccomp policy in debug builds to empty.

Signed-off-by: Riccardo Mancini <mancio@amazon.com>
@Manciukic Manciukic force-pushed the debug-seccomp branch 2 times, most recently from 6fdc014 to a4cd0cb Compare February 28, 2025 16:42
@Manciukic Manciukic changed the title seccomp: introduce flag for debug-only rules and fix debug binary seccomp: do not build default seccomp policy in debug builds Mar 3, 2025
@Manciukic Manciukic marked this pull request as ready for review March 3, 2025 09:29
@Manciukic Manciukic added the Status: Awaiting review Indicates that a pull request is ready to be reviewed label Mar 3, 2025
pb8o
pb8o previously approved these changes Mar 3, 2025
Following the previous commit, this patch mentions in the docs that
debug builds don't have a default seccomp policy and which different
syscalls are present in debug builds versus release.

Signed-off-by: Riccardo Mancini <mancio@amazon.com>
This patch adds an entry to the "Fixed" changelog list mentioning that
debug builds are now built with an empty default seccomp policy.

Signed-off-by: Riccardo Mancini <mancio@amazon.com>
@Manciukic

Updates:

  • added changelog entry
  • made the note a warning (thanks pablo!)

@Manciukic Manciukic merged commit fe54515 into firecracker-microvm:main Mar 3, 2025
7 checks passed