Keep audio and video groups regardless of nogroups

Currently, on systems that use seat managers that do not implement
seat-based ACLs (such as seatd), sound is broken whenever `nogroups` is
used.  This happens because without ACLs, access to the audio devices in
/dev is controlled by the standard group permissions and the "audio"
group is always dropped when `nogroups` is used.  This patch makes the
"audio" and "video" groups be dropped if and only if `noaudio` and
`novideo` are in effect, respectively (and independently of `nogroups`).
See netblue30#4603 and the linked issues/discussions for details.

Note: This is a continuation of commit ea564eb ("Consider nosound and
novideo when keeping groups") / PR netblue30#4632.

Relates to netblue30#2042 and netblue30#4531.

src/firejail/main.c

@@ -3134,37 +3134,38 @@ int main(int argc, char **argv, char **envp) {
  sprintf(ptr, "%d %d 1\n", gid, gid);
  ptr += strlen(ptr);
 
- if (!arg_nogroups) {
- // add firejail group
- gid_t g = get_group_id("firejail");
+ gid_t g;
+ // add audio group
+ if (!arg_nosound) {
+ g = get_group_id("audio");
  if (g) {
  sprintf(ptr, "%d %d 1\n", g, g);
  ptr += strlen(ptr);
  }
+ }
 
- // add tty group
- g = get_group_id("tty");
+ // add video group
+ if (!arg_novideo) {
+ g = get_group_id("video");
  if (g) {
  sprintf(ptr, "%d %d 1\n", g, g);
  ptr += strlen(ptr);
  }
+ }
 
- // add audio group
- if (!arg_nosound) {
- g = get_group_id("audio");
- if (g) {
- sprintf(ptr, "%d %d 1\n", g, g);
- ptr += strlen(ptr);
- }
+ if (!arg_nogroups) {
+ // add firejail group
+ g = get_group_id("firejail");
+ if (g) {
+ sprintf(ptr, "%d %d 1\n", g, g);
+ ptr += strlen(ptr);
  }
 
- // add video group
- if (!arg_novideo) {
- g = get_group_id("video");
- if (g) {
- sprintf(ptr, "%d %d 1\n", g, g);
- ptr += strlen(ptr);
- }
+ // add tty group
+ g = get_group_id("tty");
+ if (g) {
+ sprintf(ptr, "%d %d 1\n", g, g);
+ ptr += strlen(ptr);
  }
 
  // add games group