Fix apparmor profile to make vfio pci passthrough work

See lp#1276719 for the bug description. As virt-aa-helper doesn't know
the VFIO groups to use for the guest, allow access to all
/dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
for vfio

Signed-off-by: Eric Blake <eblake@redhat.com>

examples/apparmor/usr.sbin.libvirtd

@@ -25,6 +25,9 @@
   capability fsetid,
   capability audit_write,
 
+  # Needed for vfio
+  capability sys_resource,
+
   network inet stream,
   network inet dgram,
   network inet6 stream,