libtracker-common: Implement sandboxing through libseccomp

The threads calling the new tracker_seccomp_init() function, and all
threads/processes spawned from these, will enter a restricted mode
where only a few sensible syscalls are allowed, and more specifically,
filesystem/socket access are restricted to being respectively
readonly and local only.

https://bugzilla.gnome.org/show_bug.cgi?id=764786