To checkpoint per-thread seccomp filters we need
a significant rework of a dumping code. The general
idea is the following:

 - Each thread is tracked by its tid inside global
   seccomp rbtree thus we can easily add entries
   there or lookup on demand.

 - When we collect threads into pstree entries we fetch
   its seccomp mode from procfs parsing routine and allocate
   a new entry inside rbtree to remember the seccomp mode.
   Note at this moment we're not dumping real filters yet
   (because filter data image is a single one for all consumers)

 - Once all tids are collected and our tree is complete we call for
   seccomp_collect_dump_filters helper which walks every pstree entry
   and iterate over each tid inside thread group calling
   seccomp_dump_thread, which in turn uses ptrace engine to fetch
   filters and keep this data in memory.

   To optimize data usage we figure out if we can use TSYNC flag
   on restore calling try_use_tsync helper: for TSYNC flag kernel
   automatically propagate filter to all threads, thus we need to
   compare all filters inside thread group for identity since there
   is no other way to figure out if user passed TSYNC flag when
   been creating filters.

  - Finally dump_seccomp_filters is called which does real write
    of seccomp filter data into an image file.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>