b5f692c selinux policy: allow custodia to access /proc/cpuinfo

Authored and Committed by frenaud 2 years ago
    selinux policy: allow custodia to access /proc/cpuinfo
    
    On aarch64, custodia creates an AVC when accessing /proc/cpuinfo.
    
    According to gcrypt manual
    (https://gnupg.org/documentation/manuals/gcrypt/Configuration.html),
    /proc/cpuinfo is used on ARM architecture to read the hardware
    capabilities of the CPU. This explains why the issue happens only
    on aarch64.
    
    audit2allow suggests adding the following:
    allow ipa_custodia_t proc_t:file { getattr open read };
    
    but this policy would be too broad. Instead, the patch is using
    the interface kernel_read_system_state.
    
    Fixes: https://pagure.io/freeipa/issue/8972
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    
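The two alternatives the message contrasts, written out as a loadable policy module. This is an added example, not the FreeIPA policy source; the module name custodia_cpuinfo and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the FreeIPA commit): a stand-alone SELinux policy
# module that grants ipa_custodia_t the /proc/cpuinfo access described in the
# commit via the refpolicy interface, with the over-broad audit2allow rule
# kept only as a comment for comparison.
set -eu

MODULE=custodia_cpuinfo   # hypothetical module name, for illustration only

# Emit the .te source. kernel_read_system_state() is the refpolicy interface
# named in the commit; it covers reading proc_t files such as /proc/cpuinfo.
write_module() {
    cat > "$MODULE.te" <<'EOF'
policy_module(custodia_cpuinfo, 1.0)

require {
    type ipa_custodia_t;
}

# What audit2allow suggests: a raw allow rule on every proc_t file.
# Too broad, so deliberately left commented out:
# allow ipa_custodia_t proc_t:file { getattr open read };

# The same need expressed through the refpolicy interface instead.
kernel_read_system_state(ipa_custodia_t)
EOF
}

# Build and load the module (needs selinux-policy-devel and root).
build_and_load() {
    make -f /usr/share/selinux/devel/Makefile "$MODULE.pp"
    semodule -i "$MODULE.pp"
}

# Count recent AVC denials from custodia that mention cpuinfo; 0 after the
# module is loaded means the denial described in the commit is gone.
check_avc() {
    ausearch -m AVC -c custodia --start recent 2>/dev/null | grep -c cpuinfo || true
}

write_module
```

Run `build_and_load` and then `check_avc` on the affected host; only `write_module` is needed to inspect the generated source.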