[ASAN] Enable SYS_PTRACE in frr, orchagent, and teamd for ASAN Enabled SONiC

[croos12]

Why I did it

When orchagent (and the other swss/bgp/teamd daemons) are built with AddressSanitizer/
LeakSanitizer (ENABLE_ASAN=y), LeakSanitizer's leak report runs at process exit and needs to
ptrace the process to walk its memory. The SONiC service containers do not grant the
SYS_PTRACE capability, so when orchagent receives SIGTERM, LeakSanitizer cannot attach and the
process crashes instead of producing a clean leak report.

Work item tracking

• Microsoft ADO (number only): N/A (NVIDIA redmine: https://redmine.mellanox.com/issues/5080485)

How I did it

• rules/docker-orchagent.mk: add --cap-add=SYS_PTRACE to the swss container _RUN_OPT,
  guarded by ifeq ($(ENABLE_ASAN), y) so it only applies in ASAN builds.
• rules/docker-fpm-frr.mk: same ASAN-guarded --cap-add=SYS_PTRACE addition for the bgp
  container.
• rules/docker-teamd.mk: same ASAN-guarded --cap-add=SYS_PTRACE addition for the teamd
  container.

How to verify it

• Build an image with ENABLE_ASAN=y.
• Bring up the device and let orchagent (swss) start.
• Send SIGTERM to orchagent (e.g. stop the swss service).
• Confirm LeakSanitizer produces its leak report cleanly at exit and orchagent no longer crashes
  Repeat for the bgp (frr) and teamd containers.

Which release branch to backport (provide reason below if selected)

Tested branch (Please provide the tested image version)

• master

Description for the changelog

Enable SYS_PTRACE in frr, orchagent, and teamd for ASAN Enabled SONiC

[mssonicbld]

/azp run Azure.sonic-buildimage

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).