apparmor: convert delegating deleted files to mediate deleted files

apparmor: convert delegating deleted files to mediate deleted files

This is a semantic change that may need to be reverted but we can not
properly do delegation atm and doing blind delegation is a security
hole.

Files that have the necessary labeling can still be delegated however
mediation will be required for deleted files that need to be revalidated.

Note: we code is setup to specify DELEGATE_DELETED but aliases it on
the backend to MEDIATE_DELETED. This will have to be partially reverted/
changed for profile replacement causing a revalidation.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>