Disable AppArmor in CI to allow chrome sandbox

The CI is currently failing with this error when trying to launch
`TestWasm` with wasmbrowsertest:

No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux
distro that has disabled unprivileged user namespaces with AppArmor, see
https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md.
Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md
for more information on developing with the (older) SUID sandbox. If you
want to live dangerously and need an immediate workaround, you can try
using --no-sandbox.

This change disables AppArmor in the CI to allow the sandbox to work.

Author: igolaizola

.github/workflows/ci.yml

@@ -31,6 +31,12 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
+      - name: Disable AppArmor
+        if: runner.os == 'Linux'
+        run: |
+          # Disable AppArmor for Ubuntu 23.10+.
+          # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+          echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with: