When a realm has enabled 'use-flatpak', a .desktop file for GNOME
Software will be automatically generated while that realm is running.
This .desktop file will launch GNOME Software from Citadel inside a
bubblewrap sandbox. The sandbox has been prepared so that GNOME
Software will install flatpak applications into a directory that belongs
to the realm associated with the .desktop file.

When a realm has enabled 'use-flatpak', this directory will be bind
mounted (read-only) into the root filesystem of the realm so that
applications installed by GNOME Software are visible and can be launched.

The concept of an 'unsealed' RealmFS no longer exists, so support for this has been
removed. The result is much less complex and easier to understand and maintain.

This makes it possible to calculate sha256sum in place on an image file
which has both a header and an appended dm-verity tree. Before, this
required a messy process of extracting the body into a temporary file.
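
The in-place hashing described in the last message, as an added example that is not code from the commit or the project: it hashes only the body region of an image laid out as header, body, appended verity tree, without writing a temporary file. The 4096-byte header size, the caller knowing the body length, and the function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

HEADER_LEN = 4096   # assumed header size; the commit message does not state it
CHUNK = 1 << 20     # read in 1 MiB pieces so large images are never held in memory


def sha256_region(path, offset, length):
    """Hash exactly `length` bytes of `path` starting at `offset`, in place."""
    size = os.path.getsize(path)
    if offset < 0 or length < 0 or offset + length > size:
        raise ValueError("region %d+%d exceeds file size %d" % (offset, length, size))
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        f.seek(offset)
        remaining = length
        while remaining:
            buf = f.read(min(CHUNK, remaining))
            if not buf:
                # File changed underneath us; a short hash must not be reported.
                raise IOError("file truncated while hashing")
            digest.update(buf)
            remaining -= len(buf)
    return digest.hexdigest()


def build_sample_image(body, tree):
    """Write a constructed sample image: header || body || verity tree."""
    header = b"HDR".ljust(HEADER_LEN, b"\0")   # constructed placeholder header
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(header + body + tree)
    return path


if __name__ == "__main__":
    body = bytes(range(256)) * 48              # constructed 12 KiB body
    path = build_sample_image(body, b"\xaa" * 4096)
    try:
        # The body length would normally come from the image metadata.
        print("body :", sha256_region(path, HEADER_LEN, len(body)))
        print("whole:", sha256_region(path, 0, os.path.getsize(path)))
    finally:
        os.remove(path)
```

The bounds check matters here: if the length passed in is too large, the hash would silently cover part of the appended verity tree, so an out-of-range request is rejected rather than clamped.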