Azure CI: use PPA to provide newer libseccomp version
    
    Linux 5.8 made faccessat2() system call available in August 2020. This
    system call is used now by GNU libc to implement more precisely
    faccessat() system call. GNU glibc does compile-time check for the
    kernel version and uses faccessat2() unconditionally in case it is
    available. If kernel responds with ENOSYS error code, GNU libc will
    attempt to use older, less flexible, faccessat(() system call.
    
    When running on a system where libseccomp does not know about the new
    syscall, the default action in seccomp filters in Docker and other
    container runtimes is to respond with EPERM error code. This breaks GNU
    libc's implementation of the faccessat() function -- as well as other
    newer syscall implementations (e.g. statx()).
    
    libseccomp started to support faccessat2() in July 2020 with
    https://github.com/seccomp/libseccomp/commit/5696c896409c1feb37eb502df33cf36efb2e8e01
    (version 2.5.0: https://github.com/seccomp/libseccomp/releases/tag/v2.5.0)
    
    With Ubuntu 20.04 as a host, use PPA abbra/freeipa-libseccomp which
    provides libseccomp 2.5.0 rebuild from Debian Sid.
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>