[WIP] Fixed youki molecule test

[tico88612]

What type of PR is this?

/kind failing-test

What this PR does / why we need it:

The youki molecule test fails because youki's libseccomp binding treats
duplicate seccomp rules as fatal (EEXIST), unlike crun/runc which
silently ignore them. CRI-O's default seccomp profile contains duplicate
rules for the socket syscall (AF_NETLINK), triggering this failure.

Work around this by setting seccomp profile_type to Unconfined (1) in
the shared sandbox.json.j2 template when youki_enabled is true, so
CRI-O skips applying its default seccomp profile for youki test runs.

Special notes for your reviewer:

#13076 failing at youki molecule, I'm not sure which layer is causing the issue yet; I don't see any obvious commits in CRI-O.

Does this PR introduce a user-facing change?:

NONE

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tico88612

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [tico88612]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[tico88612]

Only molecule

/label ci-short

[tico88612]

/remove-label ci-short

[tico88612]

/retest

[tico88612]

/cc @VannTen

[VannTen]

Can we fill an issue on CRI-O side and reference it ? This looks like something which would also cause problem in real clusters.

[tico88612]

@VannTen youki-dev/youki#3479

I'm not sure if this is a youki or a CRI-O issue, so I'll check with youki first.

[k8s-ci-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.