Sandbox is an inherent part of the portage inner workings
Portage sandbox is used while building software; whenever a user has the right
to use portage, he needs the sandboxing as well.
We add portage_sandbox_t towards the portage_roles instead of the
portage_sandbox_roles, and remove the portage_sandbox_roles role attribute (as
there is no immediate need to support it besides portage_roles).
This also fixes the breakage in Portage not wanting to build anything (including
SELinux policies) as the users who have portage_run didn't have access to the
portage_sandbox_t domain (as introduced in commit
d3144af9dffa9d1d918c68b1598c871e0b5baaa2).
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>