New comment by noarchwastaken on void-packages repository

https://github.com/void-linux/void-packages/issues/31904#issuecomment-1091754469

Comment:
In #32562 (the now) ghost mentioned we could also patch `virt-aa-helper`, and I prefer it since:

First, looking at `restricted-rw[]` it's all publicly accessible files with no confidential information. /usr/share/qemu/ also doesn't contain confidential files, so even in the case of a breakout that will be stopped by apparmor, the risk is manageable.

Second, the method of moving firmware to /usr/share/ovmf breaks existing VM configurations (except maybe we link the firmwares back? But existing VMs still suffer from the same problem, and it requires manual intervention.)

Last, there are several closed PRs attempting to add `ovmf` so far, and I don't think we need them anymore?