proot-me / proot

chroot, mount --bind, and binfmt_misc without privilege/setup for Linux
https://proot-me.github.io
GNU General Public License v2.0
1.97k stars 372 forks

Do not unconditionally use PTRACE_CONT when receiving a useless SECCOMP event #301

Closed yuyichao closed 2 years ago

yuyichao commented 2 years ago

If we decided that we need to do sysexit, the tracee needs to be restarted using PTRACE_SYSCALL rather than PTRACE_CONT. In particular, if we got the sysenter through PTRACE rather than SECCOMP, we need to make sure that the restart from the useless SECCOMP honors this.

Also add a minor optimization to make sure we set the optimum restart method (and sysexit_pending) when we got the syscall through PTRACE before SECCOMP.

AFAICT, after this there are two more test failures left, 230f47ch and proocare (how are they even named.....) (edit: plus the docker test seems to be on and off on the CI). I believe both of them are due to nested seccomp, i.e. we failed to emulate the case when the tracee installed a seccomp filter that returns SECCOMP_RET_TRACE (we need to notify the tracee about this just like ptrace). In fact, we need to intercept SECCOMP_SET_MODE_FILTER more generally since we also don't want it to see the syscalls we injected into the tracee.... On my system, this causes scanelf to get killed. (though from the log, this isn't really the cause of https://github.com/proot-me/proot/issues/290).
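
A simplified model of the restart decision described in the comment above, added here as an illustration and not taken from this PR's diff or from proot's source. The names `tracee_model`, `restart_after_useless_seccomp`, `next_stop` and `trace_one_syscall` are hypothetical, and the stop ordering assumes Linux 4.8 or later, where the ptrace syscall-entry stop precedes the seccomp event.

```c
#include <stdbool.h>
#include <sys/ptrace.h>

/* Stops one syscall can raise on Linux >= 4.8: ptrace syscall-entry stop (only
 * when resumed with PTRACE_SYSCALL), seccomp event, then syscall-exit stop. */
enum stop { STOP_SYSENTER, STOP_SECCOMP, STOP_SYSEXIT, STOP_NONE };

struct tracee_model {          /* hypothetical state, names are illustrative */
    bool sysenter_handled;     /* entry already processed for this syscall */
    bool sysexit_pending;      /* entry handler wants the exit stop */
    bool sysexit_seen;         /* exit handler actually ran */
};

/* Restart request after a seccomp event that carries nothing new.
 * honor_pending == false models the unconditional PTRACE_CONT. */
static int restart_after_useless_seccomp(const struct tracee_model *t, bool honor_pending)
{
    return (honor_pending && t->sysexit_pending) ? PTRACE_SYSCALL : PTRACE_CONT;
}

/* Kernel side of the model: the stop that follows a given restart request. */
static enum stop next_stop(enum stop cur, int how)
{
    if (cur == STOP_SYSENTER) return STOP_SECCOMP; /* filter runs after entry stop */
    return (cur == STOP_SECCOMP && how == PTRACE_SYSCALL) ? STOP_SYSEXIT : STOP_NONE;
}

/* Trace one syscall; returns true if the tracer observed its exit. */
static bool trace_one_syscall(bool entry_via_ptrace, bool need_sysexit, bool honor_pending)
{
    struct tracee_model t = { false, false, false };
    int how = PTRACE_SYSCALL;
    enum stop s = entry_via_ptrace ? STOP_SYSENTER : STOP_SECCOMP;
    for (; s != STOP_NONE; s = next_stop(s, how)) {
        if (s == STOP_SYSEXIT) {
            t.sysexit_seen = true;
        } else if (!t.sysenter_handled) {      /* first stop is the real sysenter */
            t.sysenter_handled = true;
            t.sysexit_pending = need_sysexit;
            how = need_sysexit ? PTRACE_SYSCALL : PTRACE_CONT;
        } else {                               /* seccomp event after ptrace entry */
            how = restart_after_useless_seccomp(&t, honor_pending);
        }
    }
    return t.sysexit_seen;
}

int main(void)
{
    return trace_one_syscall(true, true, true) ? 0 : 1; /* 0: exit stop observed */
}
```

In this model the missed exit stop appears only when the syscall entry arrived through the ptrace stop; when the seccomp event itself is the entry, both restart policies behave the same.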