Drop seccomp sandboxing

Again and again the seccomp filter breaks the greeter, because of changes
in Qt, Mesa or other drivers.

On top of that, it doesn't even really provide security:
- It defaults to allowing syscalls (early on, open was not allowed, but openat
  was, making it useless)
- With the prop. nvidia driver or on wayland, creating and writing files is
  explicitly allowed
- The DBus session bus is open, allowing arbitrary commands to be run

This has a side effect: Without the sandbox, it's not necessary to have
a long-running kcheckpass anymore, so the authenticator is now always using
the "direct" mode.