[apparmor] [Patch 0/3] Add Full minimization to the HFA

[John Johansen]

Rework the HFA permission tracking to make it possible to add full
state minimization.  This fixes a major bug in the HFA where deny rules
may not be completely applied to all states dependent on how the
rules where written and compiled into the dfa.  In general this has not
been a problem but it is a possible failure case.

Adding full minimization also brings other niceties like smaller dfas
and generally faster compiles (as there are fewer states for the compression
engine to handle).