pipewire-pulse: add snap permissions support

SNAP containers have two main "audio" security rules:

 * audio-playback: the applications inside the container can
   send audio samples into a sink

 * audio-record: the applications inside the container can
   get audio samples from a source

Also, old SNAP containers had the "pulseaudio" rule, which just
exposed the pulseaudio socket directly, without limits. This
is similar to the current Flatpak audio permissions.

In the pulseaudio days, a specific pulseaudio module was used
that checked the permissions given to the application and
allowed or forbade access to the pulseaudio operations.
With the change to pipewire, this functionality must be
implemented in pipewire-pulse to guarantee the sandbox
security.

This patch adds support for sandboxing permissions in the
pulseaudio module, and implements support for the SNAP audio
security model, thus forbiding a SNAP application to record
audio unless it has permissions to do so.

The current code for pipewire-pulseaudio checks the permissions
of the snap and adds three properties to each new client:

 * pipewire.snap.id: contains the Snap ID of the client.

 * pipewire.snap.audio.playback: its value is 'true' if the client
   has permission to play audio, or 'false' if not.

 * pipewire.snap.audio.record: its value is 'true' if the client
   has permission to record audio, or 'false' if not.

These properties must be processed by wireplumber to add or
remove access permissions to the corresponding nodes. That
code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567

meson_options.txt

@@ -334,3 +334,7 @@ option('gsettings-pulse-schema',
        description: 'Install gsettings schema for pulseaudio',
        type: 'feature',
        value: 'auto')
+option('snap',
+       description : 'Snap support is available.',
+       type : 'feature',
+       value : 'auto')