Use cgroups to identify snap confined applications rather than AppArmor

The AppArmor based check only worked on platforms that supported
AppArmor, and returned only a limited amount of information about the
snap.

The new strategy first checks to see if the process appears to be snap
confined by checking cgroup membership, then calls out to the "snap"
utility to retrieve more detailed information about the snap.