netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

blacklist does not work for new files and folders without firejail restart #6127

Open tm4ig opened 11 months ago

tm4ig commented 11 months ago

Description

Blacklist for [sub]folders (and files) does not work if they were created after the application started.

Steps to Reproduce

  1. Create the folder structure outside firejail:

```console
tm4ig@sinx ~ % mkdir -p ~/test/{folder1,folder2,folder3}
tm4ig@sinx ~ % tree ~/test
/home/tm4ig/test
├── folder1
├── folder2
└── folder3

4 directories, 0 files
```

  2. Run a program in firejail in blacklist mode as in my example and check the permissions of the folders inside firejail:

```console
tm4ig@sinx ~ % LC_ALL=C firejail --noblacklist="~/test/folder1" --blacklist="~/test/*" /bin/bash
[tm4ig@sinx ~]$ ls -l ~/test
total 0
drwxr-xr-x 2 tm4ig  tm4ig   6 Dec 13 10:22 folder1
dr-------- 2 nobody nobody 40 Dec 11 20:00 folder2
dr-------- 2 nobody nobody 40 Dec 11 20:00 folder3
```

  3. Create the next folder as in my example outside firejail, but do not close the current firejail program:

```console
tm4ig@sinx ~ % mkdir ~/test/folder4
tm4ig@sinx ~ % tree ~/test
/home/tm4ig/test
├── folder1
├── folder2
├── folder3
└── folder4

5 directories, 0 files
```

Expected behavior

folder4 will be blacklisted without restarting firejail.

Actual behavior

folder4 is not blacklisted:

```console
[tm4ig@sinx ~]$ ls -l ~/test
total 0
drwxr-xr-x 2 tm4ig  tm4ig   6 Dec 13 10:22 folder1
dr-------- 2 nobody nobody 40 Dec 11 20:00 folder2
dr-------- 2 nobody nobody 40 Dec 11 20:00 folder3
drwxr-xr-x 2 tm4ig  tm4ig   6 Dec 13 10:49 folder4
```

But after restarting firejail, folder4 is already blacklisted:

```console
[tm4ig@sinx ~]$ ls -lh ~/test
total 0
drwxr-xr-x 2 tm4ig tm4ig  6 Dec 13 10:22 folder1
dr-------- 2 root  root  40 Dec 11 20:00 folder2
dr-------- 2 root  root  40 Dec 11 20:00 folder3
dr-------- 2 root  root  40 Dec 11 20:00 folder4
```

Behavior without a profile

"noprofile" doesn't change the situation.

Log

Output of LC_ALL=C firejail /path/to/program

```console
tm4ig@sinx ~ % LC_ALL=C firejail --noblacklist="~/test/folder1" --blacklist="~/test/*" /bin/bash
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **
Parent pid 539573, child pid 539574
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Child process initialized in 31.66 ms
```

Output of LC_ALL=C firejail --debug /path/to/program

[firejail.log](https://github.com/netblue30/firejail/files/13658144/firejail.log)

kmk3 commented 11 months ago

> blacklist does not work for new files and folders without firejail restart

firejail runs before the program starts, so there is no way to blacklist anything afterwards.

To prevent new files from appearing in the sandbox, whitelisting has to be used.