Add sandbox unit tests

Simon South requested to merge ssouth/tor:sandbox-add-unit-tests into main

Add a set of basic unit tests for the Linux seccomp sandbox, testing each filtered function to verify it both succeeds and fails where expected. Resolves issue #16803 (closed).

Among other things these tests are helpful for verifying the correct seccomp rules are generated for the target system, as the syscalls used by glibc vary between its versions and across the architectures it supports.

A few things I noticed while putting this together:

  • There is no sandbox_cfg_free function to match sandbox_cfg_new. Should there be? It may not matter much as I expect normally only a single sandbox configuration is generated for the life of the process, but without an appropriate way to deallocate this structure the test cases are definitely leaking memory.

  • The sandbox allows all stat syscalls to succeed by default, regardless of its configuration, as SCMP_SYS(stat) is included in the filter_nopar_gen array in src/lib/sandbox/sandbox.c. This means sandbox_cfg_allow_stat_filename is effectively a no-op on platforms that implement this legacy syscall, including x86-64. Is this intentional?

  • The test cases impact the use of gcov, causing the unit-test driver to output a lot of lines like

    profiling:tor/src/feature/relay/core_libtor_app_testing_a-relay_metrics.gcda:Cannot open
    profiling:tor/src/ext/lib_libtor_term_testing_a-readpassphrase.gcda:Cannot open
    profiling:tor/src/core/or/libtor_app_testing_a-or_periodic.gcda:Cannot open

    while the coverage results still show most lines of sandbox.c unexecuted. I presume this is because the sandbox is still active when gcov runs but I haven't yet found a way around this.
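The fork-and-probe pattern the merge request describes (run each filtered function in a child process under the seccomp filter, then check from the parent whether it succeeded or was killed) can be shown in a small, self-contained form. The following is an added example for this page, not code from Tor or from this merge request: it uses the raw prctl(2) seccomp-BPF interface instead of libseccomp so it builds without extra libraries, it is Linux-only, and every function name in it (`install_filter`, `probe_syscall`, `probe_blocked_getpid`, and so on) is an invented name for this illustration. It also includes a probe that blocks the legacy `stat` syscall number, where the platform defines one, and then calls libc's `stat()`: whether that call is killed or allowed depends on which syscall the installed glibc uses for `stat()`, which is the portability issue the description raises about glibc versions and architectures.

```c
/* Added example: minimal harness for checking that a seccomp-BPF filter
 * blocks or allows a given syscall. Illustrative code, not Tor's own test
 * code. Linux-only; uses prctl(2) directly rather than libseccomp. */
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The architecture check is required in any real filter: syscall numbers
 * differ between ABIs, so a filter must refuse any other ABI outright. */
#if defined(__x86_64__)
#define EXAMPLE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXAMPLE_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define EXAMPLE_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

enum outcome {
    OUTCOME_ALLOWED = 0,      /* child ran the action and exited normally */
    OUTCOME_KILLED_SIGSYS = 1,/* the filter killed the child */
    OUTCOME_UNAVAILABLE = 2,  /* seccomp could not be installed here */
    OUTCOME_ERROR = 3         /* fork/wait failure or unexpected status */
};

/* Install a filter that allows every syscall except blocked_nr, which is
 * killed with SIGSYS. Returns 0 on success, -1 if seccomp is unavailable. */
static int install_filter(int blocked_nr)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXAMPLE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* wrong ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (__u32)blocked_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* blocked nr */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = {
        .len = (unsigned short)(sizeof(prog) / sizeof(prog[0])),
        .filter = prog,
    };
    /* no_new_privs is mandatory for an unprivileged process to load a filter */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
        return -1;
    return 0;
}

/* Fork, install the filter in the child, run action(), and classify the
 * child's fate from the parent. The parent itself is never filtered. */
static enum outcome probe_syscall(int blocked_nr, void (*action)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return OUTCOME_ERROR;
    if (pid == 0) {
        if (install_filter(blocked_nr) != 0)
            _exit(2);
        action();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return OUTCOME_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return OUTCOME_KILLED_SIGSYS;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return OUTCOME_ALLOWED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return OUTCOME_UNAVAILABLE;
    return OUTCOME_ERROR;
}

static void act_getpid(void) { (void)getpid(); }
static void act_stat_root(void) { struct stat st; (void)stat("/", &st); }

/* Blocking getpid and then calling it: expected to be killed. */
enum outcome probe_blocked_getpid(void) { return probe_syscall(SYS_getpid, act_getpid); }
/* Blocking an unrelated syscall (chroot, never called): getpid must succeed. */
enum outcome probe_unrelated_block_getpid(void) { return probe_syscall(SYS_chroot, act_getpid); }
#ifdef SYS_stat
/* Block only the legacy stat number and call libc stat(): the result tells
 * you whether this glibc still uses stat(2) or has moved to another syscall. */
enum outcome probe_libc_stat_with_legacy_stat_blocked(void) { return probe_syscall(SYS_stat, act_stat_root); }
#endif

int main(void)
{
    static const char *names[] = { "allowed", "killed by SIGSYS", "seccomp unavailable", "error" };
    printf("getpid with getpid blocked:   %s\n", names[probe_blocked_getpid()]);
    printf("getpid with chroot blocked:   %s\n", names[probe_unrelated_block_getpid()]);
#ifdef SYS_stat
    printf("libc stat() with stat blocked: %s\n", names[probe_libc_stat_with_legacy_stat_blocked()]);
#endif
    return 0;
}
```

Because the filter is installed only in the forked child, the parent and any coverage or profiling hooks it runs at exit are unaffected, which also sidesteps the gcov problem mentioned above for the harness itself.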