Merge [2.x..3.0] aa-remove-unknown: abort on parser failure

If apparmor_parser -N (in profiles_names_list()) fails,
aa-remove-unknown possibly gets an incomplete list of profiles in
/etc/apparmor.d/ and therefore might remove more profiles than it
should.

Replace the profiles_names_list() call with a direct apparmor_parser
call, and abort aa-remove-unknown if it exits with $? != 0

Before:
```
aa-remove-unknown -n
AppArmor parser error for /etc/apparmor.d/broken in profile /etc/apparmor.d/broken at line 1: syntax error, unexpected TOK_ID, expecting TOK_OPEN
Would remove 'delete_me'
```

After:
```
./aa-remove-unknown -n
AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/zbroken at line 1: syntax error, unexpected TOK_ID, expecting TOK_OPEN
apparmor_parser exited with failure, aborting.
```

And of course, after fixing the broken profile:
```
./aa-remove-unknown -n
Would remove 'delete_me'
```

(cherry picked from commit 5053a01d84)

This backports the fix in `aa-remove-unknown` from !836, but doesn't backport the cleanup in `rc.apparmor.functions`.

I propose this patch for 3.0 and all 2.x branches.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/859
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit c6324c2a3e)
Signed-off-by: John Johansen <john.johansen@canonical.com>

utils/aa-remove-unknown

@@ -78,7 +78,14 @@ fi
 # parent. We *do* need to remove the child profile and not rely
 # on removing the parent profile when the profile has had its
 # child profile names changed.
-profiles_names_list | awk '
+
+LOADED_PROFILES=$("$PARSER" -N $PROFILE_DIRS) || {
+	ret=$?
+	echo 'apparmor_parser exited with failure, aborting.' >&2
+	exit $ret
+}
+
+echo "$LOADED_PROFILES" | awk '
 BEGIN {
   while (getline < "'${PROFILES}'" ) {
     str = sub(/ \((enforce|complain)\)$/, "", $0);