AppArmor: allow opening attachments (Closes: #874100).

We transition to dedicated profiles when doable (Evince, Totem),
and fallback to sanitized_helper otherwise.

Yes, this is wide-open, but this profile already grants access to the user's
dconf configuration and personal data anyway; it's unclear to me what exactly
this profile is trying to protect against, so for now let's avoid breaking
common use cases.