[docker-database] limit privileged flag for database container (sonic-net#19248)

#### Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420
#### How I did it
Reduce Linux capabilities in privileged flag

#### How to verify it
Check the container's settings: Privileged is false and the container only has the default Linux caps, not extended caps.
```
admin@vlab-08:~$ docker inspect database0 | jq '.[0] | {CapAdd: .HostConfig.CapAdd, Privileged: .HostConfig.Privileged, AppArmor: .AppArmorProfile, SecurityOpt: .HostConfig.SecurityOpt, Devices: .HostConfig.Devices, MaskedPath: .HostConfig.MaskedPaths, ReadonlyPaths: .HostConfig.ReadonlyPaths}'
{
  "CapAdd": null,
  "Privileged": false,
  "AppArmor": "unconfined",
  "SecurityOpt": [
    "apparmor=unconfined"
  ],
  "Devices": [],
  "MaskedPath": [],
  "ReadonlyPaths": []
}
```
maipbui authored and liushilongbuaa committed Aug 1, 2024
1 parent c2b4d18 commit 92f0745
Showing 1 changed file with 1 addition and 1 deletion.
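An added example, not code from this commit or from the SONiC repository: a small Python check that applies the verification step from the message to `docker inspect` output and reports every confinement layer that is switched off, not only the `Privileged` flag. The three inspect documents are constructed for the example (the "after" one mirrors the fields quoted in the message above, where `systempaths=unconfined` shows up as empty `MaskedPaths`/`ReadonlyPaths` rather than in `SecurityOpt`), and `audit_container` is a hypothetical helper name.

```python
import json

# Constructed `docker inspect` outputs (not real captures) shaped like the
# fields the commit message's jq filter pulls out. Three hypothetical states
# of the database container: before this commit (--privileged), after it
# (privileged dropped, AppArmor and system paths unconfined), and a fully
# confined container for comparison.
BEFORE_CHANGE = json.dumps([{
    "Name": "/database",
    "AppArmorProfile": "unconfined",
    "HostConfig": {
        "Privileged": True, "CapAdd": None, "SecurityOpt": None,
        "Devices": [], "MaskedPaths": [], "ReadonlyPaths": [],
    },
}])

# After the change. As in the output quoted in the commit message,
# systempaths=unconfined does not appear in SecurityOpt; it shows up as
# empty MaskedPaths and ReadonlyPaths.
AFTER_CHANGE = json.dumps([{
    "Name": "/database",
    "AppArmorProfile": "unconfined",
    "HostConfig": {
        "Privileged": False, "CapAdd": None,
        "SecurityOpt": ["apparmor=unconfined"],
        "Devices": [], "MaskedPaths": [], "ReadonlyPaths": [],
    },
}])

# Fully confined: default AppArmor profile and Docker's default masked and
# read-only paths (a shortened list, constructed for the example).
CONFINED = json.dumps([{
    "Name": "/database",
    "AppArmorProfile": "docker-default",
    "HostConfig": {
        "Privileged": False, "CapAdd": None, "SecurityOpt": None,
        "Devices": [],
        "MaskedPaths": ["/proc/kcore", "/proc/keys", "/sys/firmware"],
        "ReadonlyPaths": ["/proc/bus", "/proc/fs", "/proc/sysrq-trigger"],
    },
}])


def audit_container(inspect_output: str) -> dict:
    """Evaluate one container's hardening posture from `docker inspect` JSON.

    Returns the settings the commit message checks plus a list of findings,
    each naming a confinement layer that is switched off. An empty list
    means the container runs with Docker's default confinement.
    """
    info = json.loads(inspect_output)[0]
    hc = info.get("HostConfig", {})
    sec_opts = hc.get("SecurityOpt") or []
    findings = []

    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices, "
                        "seccomp/AppArmor/system-path masking disabled")
    if hc.get("CapAdd"):
        findings.append("extra capabilities: " + ", ".join(hc["CapAdd"]))
    if "apparmor=unconfined" in sec_opts or info.get("AppArmorProfile") == "unconfined":
        findings.append("AppArmor confinement disabled")
    if any(o.startswith("seccomp=unconfined") for o in sec_opts):
        findings.append("seccomp filter disabled")
    if not hc.get("MaskedPaths") or not hc.get("ReadonlyPaths"):
        findings.append("system paths unconfined: /proc and /sys not masked or read-only")
    if hc.get("Devices"):
        findings.append("host devices mapped: "
                        + ", ".join(d.get("PathOnHost", "?") for d in hc["Devices"]))

    return {
        "name": info.get("Name", "").lstrip("/"),
        "privileged": bool(hc.get("Privileged")),
        "cap_add": hc.get("CapAdd") or [],
        "findings": findings,
    }


if __name__ == "__main__":
    for label, doc in (("before", BEFORE_CHANGE), ("after", AFTER_CHANGE),
                       ("confined", CONFINED)):
        result = audit_container(doc)
        print(f"{label:9s} privileged={result['privileged']} findings={result['findings']}")
```

Against a live switch the same function can be fed the raw output of `docker inspect database0`. The point it makes is that `Privileged: false` on its own is not the whole picture: the same inspect output for the post-change container still records that AppArmor and the default `/proc` and `/sys` masking are off, which is what the reduced-privilege configuration trades away.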
2 changes: 1 addition & 1 deletion rules/docker-database.mk
@@ -28,7 +28,7 @@ SONIC_BOOKWORM_DBG_DOCKERS += $(DOCKER_DATABASE_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)

$(DOCKER_DATABASE)_CONTAINER_NAME = database
$(DOCKER_DATABASE)_RUN_OPT += --privileged -t
$(DOCKER_DATABASE)_RUN_OPT += -t --security-opt apparmor=unconfined --security-opt="systempaths=unconfined"
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
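Review bot: the replacement line does more than drop `--privileged`: `--security-opt apparmor=unconfined` turns off AppArmor confinement and `--security-opt="systempaths=unconfined"` removes Docker's default masked and read-only `/proc` and `/sys` paths, which is what the verification output in the message reflects (`AppArmor: "unconfined"`, `MaskedPath: []`, `ReadonlyPaths: []`). The message only says "Reduce Linux capabilities"; please document which path or AppArmor restriction the database container actually needs lifted, and drop whichever of the two options is not required so the container keeps the default masking. Minor style point on the same line: quote the two `--security-opt` values consistently (`apparmor=unconfined` is bare, `"systempaths=unconfined"` is double-quoted).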

