Summary:
Forbid more syscalls. An malicious theme could create directories with the
password as name, or encode the password in chmod bits. Also, prevent
deleting anything, so a theme can't delete the users files.

Test Plan:
- Autotests run fine
- Started sceenlocker, unlocked, created a new session.
  Got no seccomp violations in dmesg and everything worked fine.
- Didn't test it with the nvidia driver

Reviewers: graesslin

Reviewed By: graesslin

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D8756