overlay coreos/user-patches: Rework SELinux patches

- Merge all the patches into one. Previously there were a bunch of
  smaller patches, but their filenames and their contents did not
  really explain what they were fixing.

- Document some of the changes that we have made. Try to put as much
  information about our own modifications.

- Drop deprecated killall(kernel_t), mcs_file_read_all(kernel_t),
  mcs_file_write_all(kernel_t), mcs_ptrace_all(kernel_t).

- Add more changes to cover more of the AVCs we were getting.

sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sec-policy/flatcar-selinux-patches/README.md

@@ -0,0 +1,17 @@
+The following steps were needed to make these patches:
+
+- Clone the refpolicy repo:
+  - https://github.com/SELinuxProject/refpolicy.git
+- Checkout the appropriate tag:
+  - For example `RELEASE_2_20231002`.
+- Apply the Gentoo patch:
+  - See the sec-policy/selinux-base ebuild in portage-stable for the
+    patch tarball URL.
+- Apply our changes.
+- Generate the patch:
+  - Since sec-policy/selinux- packages set their source directory to
+    work directory (in Gentooese: `S=${WORKDIR}/`), the user patches
+    are applied from the parent directory of the refpolicy sources. In
+    order to generate proper patches, do `git format-patch
+    --src-prefix=a/refpolicy/ --dst-prefix=b/refpolicy/
+    <SINCE_COMMIT>`