Code review comment for lp://qastaging/~jdstrand/snap-confine/preprocessor

Nice catch on the sizeof; that is annoying. I'm going to cleanup those sizeof()s so this won't happen again and also add a test that is close to the max line length to catch this in the future.

The reason for the preprocessing is threefold:
 * Seth mentioned he didn't like that we started to setup the seccomp filter then just bailed. Preprocessing addresses that
 * We are going to need to support complain mode and I was going to introduce @complain for this. With preprocessing I can detect @complain easily and then set seccomp_init() appropriately rather than having to undo stuff
 * I wanted to support deny rules and have deny rules behave like apparmor for policy writers. Ie, if you have a deny rule, any allow rules are ignored. I was going to implement this using '@deny foo' (I chose '@deny' in case 'deny' was ever added as a syscall and to continue with the '@' directives). I was going to preprocess and find all the deny rules, then in postprocess I would check to see if I already saw a deny rule, if I did, then I would skip adding the rule

All combined, preprocessing seemed to be the simplest and easiest to understand method to implement.