Create global seccomp policy.

Enabling seccomp across all processes, rather than just zygote, is
useful for auditing the syscall usage of AOSP. Create a global seccomp
policy that can optionally be enabled by init.

Bug: 37960259
Test: confirm global seccomp by removing finit_module from policy and
      observing modprobe fail, confirm regular seccomp unchanged by
      comparing length of installed bpf
Change-Id: Iac53a42fa26a80b05126f262dd9525f4f66df558