dns install: fix selinux avc relabelto

During the DNS server installation in SELinux enforcing mode,
ipa-dnskeysyncd.service fails to restart because of the AVC:

    avc: denied { relabelto } for pid=29955 comm="systemd-tmpfile" name="softhsm_pin" dev="vda4" ino=38440 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:ipa_dnskey_t:s0 tclass=file permissive=0

Add the missing policies:

    allow systemd_tmpfiles_t ipa_dnskey_t:file relabelto;
    allow ipa_dnskey_t fs_t:filesystem associate;
    allow ipa_ods_exporter_t ipa_dnskey_t:file { getattr ioctl open read };
    allow named_t ipa_dnskey_t:file { getattr open read };

Fixes: https://pagure.io/freeipa/issue/9782
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
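
An added example, not part of the commit or of FreeIPA's code: this Python sketch parses the AVC record quoted in the commit message, derives the allow rule that denial implies, and reports which denied permissions a set of rules still leaves uncovered. The function names are hypothetical and the rule parser handles only the simple `allow` form shown above.

```python
import re

# AVC record quoted in the commit message above.
AVC = ('avc: denied { relabelto } for pid=29955 comm="systemd-tmpfile" '
       'name="softhsm_pin" dev="vda4" ino=38440 '
       'scontext=system_u:system_r:systemd_tmpfiles_t:s0 '
       'tcontext=system_u:object_r:ipa_dnskey_t:s0 tclass=file permissive=0')
# The four rules the commit message lists.
POLICY = """
allow systemd_tmpfiles_t ipa_dnskey_t:file relabelto;
allow ipa_dnskey_t fs_t:filesystem associate;
allow ipa_ods_exporter_t ipa_dnskey_t:file { getattr ioctl open read };
allow named_t ipa_dnskey_t:file { getattr open read };
"""
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
RULE_RE = re.compile(r'allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;')

def type_of(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        raise ValueError('not an AVC denial')
    # key=value pairs; values may be double-quoted (comm, name, dev)
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')))
    return {
        'perms': set(m.group('perms').split()),
        'source': type_of(fields['scontext']),
        'target': type_of(fields['tcontext']),
        'tclass': fields['tclass'],
        'permissive': fields.get('permissive') == '1',
    }

def to_allow(avc):
    """Render the allow rule that would permit exactly this denial."""
    perms = sorted(avc['perms'])
    body = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['source']} {avc['target']}:{avc['tclass']} {body};"

def uncovered(avc, policy):
    """Permissions from the denial that no allow rule in `policy` grants."""
    granted = set()
    for src, tgt, cls, braced, single in RULE_RE.findall(policy):
        if (src, tgt, cls) == (avc['source'], avc['target'], avc['tclass']):
            granted |= set((braced or single).split())
    return avc['perms'] - granted
```

The rule derived from the denial is the first of the four listed rules; the other three cover accesses that this single AVC record does not show.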