[supervisor] add ptrace cap for all child process

[iQQBot]

Description

[supervisor] add ptrace cap for all child process

Related Issue(s)

Fixes CLC-843

How to test

Follow this reproduce step, make sure Pycharm is able to attach with the running process.

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

• 🏷️ Name - pd-clc-843
• 🔗 URL - pd-clc-843.preview.gitpod-dev.com/workspaces.
• 📚 Documentation - See our internal documentation for information on how to interact with your preview environment.
• 📦 Version - pd-CLC-843-gha.30048
• 🗒️ Logs - GCP Logs Explorer

Build Options

Build

• /werft with-werft
  Run the build with werft instead of GHA
• leeway-no-cache
• /werft no-test
  Run Leeway with --dont-test

Publish

• /werft publish-to-npm
• /werft publish-to-jb-marketplace

Installer

• analytics=segment
• with-dedicated-emulation
• workspace-feature-flags
  Add desired feature flags to the end of the line above, space separated

Preview Environment / Integration Tests

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-large-vm
• /werft with-gce-vm
  If enabled this will create the environment on GCE infra
• /werft preemptible
  Saves cost. Untick this only if you're really sure you need a non-preemtible machine.
• with-integration-tests=all
  Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
• with-monitoring

/hold

[geropl]

Changes LGTM, tested (not the pycharm thing, just ptrace caps) and works. ✔️

I'd love us to find a nice way to document the "why we add the ptrace sys cap" in code comments (https://github.com/gitpod-io/gitpod/pull/20359/files#r1838289773); let you decide on how to do that @iQQBot ! 🙏

[geropl]

Let's go 🎢

[iQQBot]

/unhold