Azure: Disable AppArmor profile for chrony

The security option 'apparmor:unconfined' tells Docker to not
apply AppArmor profiles for containers at all. This will not
replace or remove any existing profile. For example, this happens
on Ubuntu 20.04 which switched to chrony and brings its AppArmor
profile. Container's chronyd gets blocked by AppArmor:

fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" capability=2  capname="dac_read_search"
fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" capability=1  capname="dac_override"

So, any of the AppArmor profiles can block a container's processes by
matching the executable name. There are two ways:
1) prepare a custom AppArmor unconfined profile, load it on the Host and
    reference it in the container's configuration. This requires
    knowledge of the profile syntax at least, not too difficult, but
    potentially hard to maintain.
2) disable the conflicting profile on the Host.

Azure will warn about AVC in either case.
The second option was chosen as the simpler one.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Stanislav Levin 2021-03-12 00:36:22 +03:00 committed by Florence Blanc-Renaud
parent 5daa41fc55
commit 72adb3279a
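As an added example (not code from the commit above), a small POSIX shell helper that triages AVC lines like the two quoted in the commit message: it lists, per confined program, which profile denied what, and maps the attached profile name to the conventional /etc/apparmor.d file name that aa-disable is given. The sample audit lines are constructed from the ones quoted above plus two extra lines to exercise the filtering.

```shell
# Added example, not part of the original change. Needs only sh, sed and awk.
# Output: "<profile> <comm> <what,...>" per confined program, where <what> is the
# denied capability name or, for non-capability denials, "op:<operation>".
# Non-DENIED events (e.g. complain-mode "ALLOWED") are dropped. Field values
# containing "=" are not expected here and would be truncated.
avc_denied_profiles() {
    sed -n 's/.*\(apparmor="DENIED".*\)/\1/p' | awk '
    {
        prof = ""; comm = ""; cap = ""; op = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            v = kv[2]; gsub(/"/, "", v)
            if (kv[1] == "profile")        prof = v
            else if (kv[1] == "comm")      comm = v
            else if (kv[1] == "capname")   cap = v
            else if (kv[1] == "operation") op = v
        }
        if (prof == "") next
        what = (cap != "") ? cap : ("op:" op)
        key = prof " " comm
        if (!((key SUBSEP what) in have)) {
            have[key SUBSEP what] = 1
            seen[key] = (seen[key] == "") ? what : (seen[key] "," what)
        }
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Map an attached profile name to the conventional profile file name that
# aa-disable takes (/usr/sbin/chronyd -> /etc/apparmor.d/usr.sbin.chronyd).
# This is only the packaging convention; a profile may live in any file, so
# confirm with aa-status before acting on it.
profile_file_for() {
    printf '/etc/apparmor.d/%s\n' "$(printf '%s' "$1" | sed 's|^/||; s|/|.|g')"
}

# Constructed sample: the two audit lines from the commit message, one
# complain-mode ALLOWED line and one file-access denial without a capname.
SAMPLE_AUDIT='fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" capability=2  capname="dac_read_search"
fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" capability=1  capname="dac_override"
fv-az26-252 audit[11304]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" name="/etc/chrony/chrony.conf"
fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" requested_mask="r" name="/var/lib/chrony/drift"'

printf '%s\n' "$SAMPLE_AUDIT" | avc_denied_profiles
```

Feed it `journalctl -k` or `/var/log/audit/audit.log` output on the host to see every profile that is interfering before choosing between a custom unconfined profile and aa-disable.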


@ -8,6 +8,7 @@ steps:
set -e
sudo apt-get update
sudo apt-get install -y \
apparmor-utils \
parallel \
moreutils \
rng-tools \
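Review bot: apparmor-utils is the package that provides the aa-status and aa-disable commands used by the new "Disable AppArmor conflicting profiles on Host" step, so adding it to this install list is the right place; a short comment next to it (e.g. "# for aa-status/aa-disable") would keep it from being pruned later as an unused dependency.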
@ -21,6 +22,16 @@ steps:
python3 -m pip install docker --user
displayName: Install Host's tests requirements
- script: |
set -e
printf "AppArmor status\n"
sudo aa-status
printf "Disable AppArmor conflicting profiles\n"
sudo aa-disable /etc/apparmor.d/usr.sbin.chronyd
printf "Recheck AppArmor status\n"
sudo aa-status
displayName: Disable AppArmor conflicting profiles on Host
- script: |
set -e
printf "Available entropy: %s\n" $(cat /proc/sys/kernel/random/entropy_avail)
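Review bot: the "sudo aa-disable /etc/apparmor.d/usr.sbin.chronyd" line runs under "set -e" with no check that the profile file exists on the agent image or is currently loaded, so an image without the chrony profile (or with it already disabled) may abort the whole pipeline at this step; guard it, for example "[ -f /etc/apparmor.d/usr.sbin.chronyd ] && sudo aa-disable /etc/apparmor.d/usr.sbin.chronyd", or check the aa-status output printed just before it. Note also that this removes chronyd confinement for the host agent as a whole, not only for the container processes that triggered the denials, which is the trade-off the commit message explicitly accepts as the simpler option.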