logind: fix /run/user/$UID creation in apparmor-confined containers (#4154)
author: Tomáš Janoušek <tomi@nomi.cz>
Thu, 15 Sep 2016 23:26:31 +0000 (01:26 +0200)
committer: Evgeny Vereshchagin <evvers@ya.ru>
Thu, 15 Sep 2016 23:26:31 +0000 (02:26 +0300)
commit: 7dabbb55a8744a43ec869839ef371b184c8d2ffe
tree: 98604277ead34bb6f15cfeef1e94e481246c514e
parent: 390e02073514cc6972aa8bc5f10d974c226ecbcb
logind: fix /run/user/$UID creation in apparmor-confined containers (#4154)

When a docker container is confined with AppArmor [1] and happens to run
on top of a kernel that supports mount mediation [2], e.g. any Ubuntu
kernel, mount(2) returns EACCES instead of EPERM.  This then leads to:

    systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied
    login[42]: pam_systemd(login:session): Failed to create session: Access denied

and user sessions don't start.

This also applies to SELinux, which likewise returns EACCES on mount denial.

[1] https://github.com/docker/docker/blob/master/docs/security/apparmor.md#understand-the-policies
[2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/kernel-patches/4.7/0025-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
src/login/logind-user.c
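The failure mode the commit message describes, as an added example that is not systemd's code: a mount step with the EPERM-only check beside the corrected one that also treats EACCES as a mount denial. The mount hook, the result enum and the fake confinement stand-ins are assumptions so the decision logic can be exercised without root.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
/* Outcome of preparing /run/user/$UID before a session starts. */
enum runtime_dir_result {
    RUNTIME_DIR_TMPFS,   /* tmpfs mounted on the directory */
    RUNTIME_DIR_PLAIN,   /* mount not permitted: keep the plain directory */
    RUNTIME_DIR_FAILED   /* unexpected error: session creation fails */
};

/* Hypothetical hook with mount(2) semantics (0 on success, -1 with errno set)
 * so the decision logic can be exercised without root. */
typedef int (*mount_fn)(const char *target);

/* The real call the hook stands in for; the option string is illustrative,
 * not logind's. Needs CAP_SYS_ADMIN and an LSM policy that allows it. */
int mount_user_tmpfs(const char *target)
{
    return mount("tmpfs", target, "tmpfs", MS_NOSUID | MS_NODEV, "mode=0700");
}

/* Decide what to do after mount(2) fails. The behaviour the commit describes
 * treats only EPERM as "not allowed"; the corrected one also accepts EACCES,
 * which AppArmor mount mediation and SELinux return on denial. */
static enum runtime_dir_result after_mount_failure(int err, bool accept_eacces, const char *path)
{
    if (err == EPERM || (accept_eacces && err == EACCES))
        return RUNTIME_DIR_PLAIN;
    fprintf(stderr, "Failed to mount per-user tmpfs directory %s: %s\n", path, strerror(err));
    return RUNTIME_DIR_FAILED;
}

enum runtime_dir_result setup_runtime_dir_old(const char *path, mount_fn do_mount)
{
    if (do_mount(path) == 0) return RUNTIME_DIR_TMPFS;
    return after_mount_failure(errno, false, path);
}

enum runtime_dir_result setup_runtime_dir_fixed(const char *path, mount_fn do_mount)
{
    if (do_mount(path) == 0) return RUNTIME_DIR_TMPFS;
    return after_mount_failure(errno, true, path);
}

/* Constructed stand-ins for mount(2) under different confinement outcomes. */
int fake_mount_ok(const char *t)     { (void)t; return 0; }
int fake_mount_eperm(const char *t)  { (void)t; errno = EPERM; return -1; }
int fake_mount_eacces(const char *t) { (void)t; errno = EACCES; return -1; }
```

With the EACCES stand-in, the old check fails the session exactly as in the quoted log line, while the corrected check falls back to the plain directory just as it already did for EPERM.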