kubevirt: virt-launcher can't create VMI with disabled/permissive SELinux
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
KubeVirt (virt-handler) ignores running virt-launcher.cil on environments like Flatcar that have disabled/permissive SELinux due to this #5298. In these situations virt-launcher won't be able to create VMs:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 13m default-scheduler Successfully assigned kubevirt/virt-launcher-testvm-xx5l9 to X
Normal SandboxChanged 8m39s (x270 over 13m) kubelet Pod sandbox changed, it will be killed and re-created.
Warning FailedCreatePodSandBox 3m39s (x541 over 13m) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "virt-launcher-testvm-xx5l9": Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: failed to set /proc/self/attr/keycreate on procfs: write /proc/self/attr/keycreate: invalid argument: unknown
What you expected to happen: It is expected that virt-launcher successfully creates pods with a running VM in them.
How to reproduce it (as minimally and precisely as possible):
- Install KubeVirt on an environment with disabled SELinux (Flatcar in my case).
- Create a VM, in my case with this configuration:
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: testvm
spec:
  running: false
  template:
    metadata:
      labels:
        kubevirt.io/size: small
        kubevirt.io/domain: testvm
    spec:
      domain:
        devices:
          disks:
            - name: containerdisk
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
          interfaces:
            - name: default
              masquerade: {}
        resources:
          requests:
            memory: 64M
      networks:
        - name: default
          pod: {}
      volumes:
        - name: containerdisk
          containerDisk:
            image: quay.io/kubevirt/cirros-container-disk-demo
        - name: cloudinitdisk
          cloudInitNoCloud:
            userDataBase64: SGkuXG4=
- virtctl start testvm
Anything else we need to know?: It occurred to me that seLinuxOptions in virt-launcher causes this issue:
securityContext:
  runAsNonRoot: true
  runAsUser: 107
  seLinuxOptions:
    level: s0
    type: virt_launcher.process
because KubeVirt ignores custom selinux in virt-launcher.cil but still uses it in virt-launcher pods when trying to create VMs.
Environment:
- KubeVirt version (use virtctl version): v0.48.0
- Kubernetes version (use kubectl version): v1.21.5
- VM or VMI specifications:
- Cloud provider or hardware configuration:
- OS (e.g. from /etc/os-release): Flatcar Container Linux 2983.2.0
- Kernel (e.g. uname -a): 5.10.77
- Install tools:
- Others:
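A small diagnostic for the mismatch the report describes, added here as an example and not code from the issue or from KubeVirt: it reads the SELinux type a virt-launcher pod manifest requests and compares it with the node's SELinux mode, assuming (as the report states for #5298) that virt-handler does not load virt-launcher.cil unless the node is enforcing. The sample manifest is constructed from the securityContext fragment above.

```python
"""Flag a virt-launcher pod that requests seLinuxOptions.type on a node
whose SELinux is disabled or permissive, the condition behind the
'failed to set /proc/self/attr/keycreate' sandbox error above."""
import re
from pathlib import Path
from typing import Optional

# Constructed sample: the securityContext from the issue, in the shape of
# a pod manifest as printed by `kubectl get pod -o yaml`.
SAMPLE_POD_YAML = """\
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: compute
    securityContext:
      runAsNonRoot: true
      runAsUser: 107
      seLinuxOptions:
        level: s0
        type: virt_launcher.process
"""


def selinux_type_from_manifest(manifest: str) -> Optional[str]:
    """Return the seLinuxOptions.type requested in a pod manifest, or None.
    A regex over the indented block is used so no YAML library is needed."""
    m = re.search(r"seLinuxOptions:\s*\n(?:[ \t]+\w+:[^\n]*\n)*?[ \t]+type:\s*(\S+)",
                  manifest)
    return m.group(1) if m else None


def node_selinux_mode(enforce_path: str = "/sys/fs/selinux/enforce") -> str:
    """Report 'enforcing', 'permissive' or 'disabled' for the local node.
    If selinuxfs is not mounted the kernel has SELinux disabled."""
    p = Path(enforce_path)
    if not p.exists():
        return "disabled"
    return "enforcing" if p.read_text().strip() == "1" else "permissive"


def mismatch(manifest: str, mode: str) -> Optional[str]:
    """Assumption from the report: with mode != enforcing the custom type is
    never installed, so any requested type cannot be honoured by the runtime."""
    t = selinux_type_from_manifest(manifest)
    if t is None or mode == "enforcing":
        return None
    return f"pod requests SELinux type {t!r} but node SELinux is {mode}"


if __name__ == "__main__":
    print(mismatch(SAMPLE_POD_YAML, node_selinux_mode()) or "no mismatch")
```

Run it on the node (or point `node_selinux_mode` at a copied enforce file) and feed it the real pod manifest to confirm the condition before looking at the policy install.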
About this issue
- State: closed
- Created 3 years ago
- Comments: 21 (14 by maintainers)
Hi @mokarage,
I apologize but I ignored the error before. There is a solution for it. See https://github.com/kubevirt/kubevirt/issues/7314#issuecomment-1064203596 (The issue should be the same as yours)