gitlab-ci: actually link libapparmor on build_apparmor

The "build_apparmor" job was added on commit 342e71c ("Add
deb-apparmor build to Gitlab CI", 2019-01-26).  It would call
`./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor`
directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to
the linker.

Later, commit 87e7b31 ("Configure Debian package with AA and SELinux
options", 2020-05-13) / PR netblue30#3414 merged mkdeb.sh and mkdeb-apparmor.sh
into mkdeb.sh.in, which does not always pass `--enable-apparmor` to
./configure directly.  Instead, it adds `--enable-apparmor` depending on
whether the `$HAVE_APPARMOR` environment variable is set, which would be
done by a previous run of ./configure with `--enable-apparmor`.  Since
on "build_apparmor" ./configure is not run the first time with
`--enable-apparmor`, neither is it on the second time and thus
`-lapparmor` is never passed to the linker.  This commit adds
`--enable-apparmor` to the first ./configure run on the ci job, so that
it gets passed to the one being executed on mkdeb.sh as well.

.gitlab-ci.yml

@@ -54,7 +54,7 @@ build_apparmor:
  script:
  - apt-get update -qq
  - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
- - ./configure --prefix=/usr && make deb-apparmor && dpkg -i firejail*.deb
+ - ./configure --prefix=/usr --enable-apparmor && make deb-apparmor && dpkg -i firejail*.deb
  - command -V firejail && firejail --version
  - firejail --version | grep -F 'AppArmor support is enabled'