Add disable-aslr & seccomp-profile-installer apps #34

Merged
merged 1 commit into from
Jan 22, 2024

IsaiahStapleton
Contributor

@IsaiahStapleton IsaiahStapleton commented Jan 19, 2024

These apps deploy the necessary resources for allowing the personality and ptrace system calls in the rhods-notebooks namespace. This allows us to get the functionality the CS 210 and EC 440 courses need from GDB.

@IsaiahStapleton IsaiahStapleton requested review from larsks and computate and removed request for computate January 19, 2024 17:18
@computate
Member

@IsaiahStapleton can you please add a description of why this is going into NERC Prod?

@IsaiahStapleton
Contributor Author

@computate I added a description to the PR that explains why it's going into NERC prod. The README in this repo, https://github.com/IsaiahStapleton/disable-aslr-nerc, also gives a more whole explanation of the solution.

@computate
Member

@IsaiahStapleton There is a `sleep 5` in the `watchsa.sh` script. Should this be configurable in an Environment Variable in the Deployment in case of performance issues every 5 seconds?

@IsaiahStapleton
Contributor Author

IsaiahStapleton commented Jan 19, 2024

@computate Possibly. The thing is that from the moment a student hits start server and the request for the instance to be created starts, the script needs to apply the scc to their service account that is created before the instance starts so that they are using the correct seccomp profile. That means the script needs to be run every few seconds so that it can catch the creation of the service account before the instance is launched. @larsks what do you think?

@larsks
Member

larsks commented Jan 19, 2024

The `oc get sa -o name --watch` command in that script is a blocking operation. The script is not looping every 5 seconds; that `sleep 5` only comes into play if the `--watch` command exits. The sleep is to prevent overly rapid cycling, but in general we expect the script to be idling at the `oc get --watch` command.
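
Added example (not part of the thread and not the project's `watchsa.sh`): a watch-and-restart loop of the shape discussed above, with the retry delay read from an environment variable. `SCC_NAME` is a placeholder, and `RETRY_DELAY`, `MAX_CYCLES`, `RUN_WATCH` and the function names are hypothetical; only the two `oc` invocations are real commands.

```sh
#!/bin/sh
# Added example: NOT the project's watchsa.sh. Names below are hypothetical.
LC_ALL=C; export LC_ALL               # make [a-z] mean ASCII lowercase only
SCC_NAME="${SCC_NAME:-EXAMPLE-SCC}"   # placeholder: the SCC name is not given on this page
RETRY_DELAY="${RETRY_DELAY:-5}"       # seconds to pause, used only after the watch exits
MAX_CYCLES="${MAX_CYCLES:-0}"         # 0 = restart forever; >0 bounds restarts (for testing)

# Blocking call: emits one "serviceaccount/<name>" line per event and is
# expected to block here while the watch stays open.
watch_service_accounts() {
    oc get sa -o name --watch
}

# Grant the SCC to a single service account in the current namespace.
grant_scc() {
    oc adm policy add-scc-to-user "$SCC_NAME" -z "$1"
}

# Accept only lowercase DNS-style names so nothing unexpected reaches oc.
is_valid_sa_name() {
    case "$1" in
        ""|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;;
    esac
    return 0
}

watch_loop() {
    cycles=0
    while :; do
        # Inner loop consumes events as they arrive; there is no polling interval.
        watch_service_accounts | while IFS= read -r line; do
            name="${line#serviceaccount/}"
            is_valid_sa_name "$name" || continue
            grant_scc "$name" </dev/null || echo "grant failed for $name" >&2
        done
        # Reached only when the watch command has exited.
        cycles=$((cycles + 1))
        if [ "$MAX_CYCLES" -gt 0 ] && [ "$cycles" -ge "$MAX_CYCLES" ]; then
            return 0
        fi
        sleep "$RETRY_DELAY"   # back-off so a failing watch cannot spin
    done
}

# Start only when asked, so the functions can be sourced and tested.
if [ "${RUN_WATCH:-0}" = "1" ]; then
    watch_loop
fi
```
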

@IsaiahStapleton IsaiahStapleton merged commit 836fe50 into OCP-on-NERC:main Jan 22, 2024
1 check passed