cfg: add library configuration for libselinux (#6461)

There are a couple false-positives and false-negatives:

- no warning of `ignoredReturnValue` for `get_default_type()`:
   
  ```xml
  <function name="get_default_type">
    <returnValue type="int"/>
    <noreturn>false</noreturn>
    <use-retval/>
    <leak-ignore/>
    <arg nr="1" direction="in">
      <not-null/>
      <not-uninit/>
      <strz/>
    </arg>
    <arg nr="2" direction="out">
      <not-null/>
    </arg>
  </function>
  <memory>
    <alloc init="true" arg="2">get_default_type</alloc>
    <dealloc>free</dealloc>
  </memory>
  ```
  ```c
get_default_type("object_r", type2); // does not report
ignoredReturnValue
  ```

- wrong `constVariablePointer` report for `selabel_open()`, especially
since the cleanup function `selabel_close()` does take a not pointer to
non-const:
  ```xml
  <function name="selabel_open">
    <returnValue type="struct selabel_handle *"/>
    <noreturn>false</noreturn>
    <use-retval/>
    <leak-ignore/>
    <arg nr="1" direction="in">
      <not-uninit/>
      <not-bool/>
      <valid>0:5</valid>
    </arg>
    <arg nr="2" direction="in">
      <not-uninit/>
      <minsize type="argvalue" arg="3"/>
    </arg>
    <arg nr="3" direction="in">
      <not-uninit/>
      <not-bool/>
    </arg>
  </function>
  ```
  ```c
struct selabel_handle *hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); //
reports constVariablePointer
  ```

- missing `memleak` for `getseuserbyname()`:
  ```xml
  <function name="getseuserbyname">
    <returnValue type="int"/>
    <noreturn>false</noreturn>
    <use-retval/>
    <leak-ignore/>
    <arg nr="1" direction="in">
      <not-null/>
      <not-uninit/>
      <strz/>
    </arg>
    <arg nr="2" direction="out">
      <not-null/>
    </arg>
    <arg nr="3" direction="out">
      <not-null/>
    </arg>
  </function>
  <memory>
    <alloc init="true" arg="2">getseuserbyname</alloc>
    <dealloc>free</dealloc>
  </memory>
  <memory>
    <alloc init="true" arg="3">getseuserbyname</alloc>
    <dealloc>free</dealloc>
  </memory>
  ```
  ```c
  void getseuserbyname_fail2(void)
  {
    char *seuser, *level;
    getseuserbyname("root", &seuser, &level);
    free(level);

    // seuser is leaked; no memleak report
  }
  ```

---------

Co-authored-by: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Co-authored-by: Oliver Stöneberg <firewave@users.noreply.github.com>

Author: 3 people

.github/workflows/CI-unixish.yml

@@ -359,7 +359,7 @@ jobs:
       - name: Install missing software on ubuntu 22.04 (cfg)
         if: matrix.os == 'ubuntu-22.04'
         run: |
-          sudo apt-get install libcairo2-dev libcurl4-openssl-dev liblua5.3-dev libssl-dev libsqlite3-dev libcppunit-dev libsigc++-2.0-dev libgtk-3-dev libboost-all-dev libwxgtk3.0-gtk3-dev xmlstarlet qtbase5-dev
+          sudo apt-get install libcairo2-dev libcurl4-openssl-dev liblua5.3-dev libssl-dev libsqlite3-dev libcppunit-dev libsigc++-2.0-dev libgtk-3-dev libboost-all-dev libselinux-dev libwxgtk3.0-gtk3-dev xmlstarlet qtbase5-dev
 
       # coreutils contains "nproc"
       - name: Install missing software on macos