Add an apparmor_profile sudo setting

Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.
kernelmethod
2022-05-23 13:41:42 -06:00
parent 0b541c2029
commit bd25b85a66
7 changed files with 150 additions and 0 deletions


@@ -85,6 +85,7 @@ struct sudo_conf_debug_file_list;
#define SUDO_DEBUG_SELINUX (12<<6) /* selinux */
#define SUDO_DEBUG_UTIL (13<<6) /* utility functions */
#define SUDO_DEBUG_UTMP (14<<6) /* utmp file ops */
#define SUDO_DEBUG_APPARMOR (15<<6) /* AppArmor */
#define SUDO_DEBUG_ALL 0xffff0000 /* all subsystems */
/* Error return for sudo_debug_register(). */
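Review bot: only the `#define SUDO_DEBUG_APPARMOR (15<<6)` is visible in this hunk, but the debug subsystem IDs here (12<<6, 13<<6, 14<<6, 15<<6) are positional, so the new ID is only useful if the matching "apparmor" name is added at the same position in the default subsystem name table that `sudo_debug_register()` resolves against, and if the sudo.conf(5) list of debug subsystems documents the new name; please confirm both are covered in the other changed files, since a mismatch between the define and the table silently maps "apparmor" debug output to the wrong subsystem.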