apparmor-session-lockdown: set XDG_RUNTIME_DIR to run user processes

We use systemd-run to schedule the pactl process to be run under
a vaguely realistic user-session. However, there's a chicken-and-egg
problem here: systemd-run uses either D-Bus or a private socket in
XDG_RUNTIME_DIR to communicate with systemd, and without setting some
environment variables we can't know either of those.

This is similar to the implementation of the same concept in
common/run-test-in-systemd. Unfortunately, the AppArmor tests
need to reinvent that bit, because they run as root (to be able to
manipulate AppArmor, which is a highly privileged action).

Bug-Apertis: https://phabricator.apertis.org/T1859



Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D3449