seccomp: permit specifying multiple errnos for a syscall

seccomp: permit specifying multiple errnos for a syscall

If more than one errno is specified for a syscall in SystemCallFilter=,
use the last one instead of reporting an error. This is especially
useful when used with system call sets:

    SystemCallFilter=@privileged:EPERM @reboot

This will block any system call requiring super-user capabilities with
EPERM, except for attempts to reboot the system, which will immediately
terminate the process. (@reboot is included in @privileged.)

This also effectively fixes #9939, since specifying different errnos for
“the same syscall” (same pseudo syscall number) is no longer an error.