refresh syscall groups (#5188)

now covers syscalls up to including process_madvise (440)

group assignment was blindly copied from systemd:
https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305

the only exception is close_range, which was added to both @basic-io and @file-system

this commit adds the following syscalls to the default blacklist:
pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree

0 files changed, 0 insertions, 0 deletions