kernel/selinux-testsuite: handle BPF restrictions better
    
    On RHEL and non-x86_64 Fedora kernels, the kernel.unprivileged_bpf_disabled
    sysctl is enabled by default (and at least on RHEL/ARK it cannot be
    changed). Instead of trying to disable the BPF subtest completely on
    these kernels (which is incomplete since CKI tests ARK kernels on
    Fedora), add the sys_admin capability to the BPF test domains to make
    the test work on these kernels as well.
    
    We also need to install libbpf-devel separately from CRB on RHEL, since
    it's not shipped in BaseOS.
    
    Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>