improve seccomp filter
Notable changes:
- detailed syscall filter for clone()
- X11 related syscalls are blocked on non X11 window systems
- improve readability and add information about the state of the sandbox feature
Edited by valoq
Notable changes: