Switch to "mcs" SELinux policy

We're going to want the ability for processes to have unique categories,
to enforce separation of container processes.  Gentoo's SELinux policy
supports both Multi-Category Security and Multi-Level Security modes,
although the latter does not seem to work out of the box.

overlay/etc/selinux/config

@@ -12,4 +12,4 @@ SELINUX=enforcing
 #	mls      - Full SELinux protection with Multi-Level Security
 #	mcs      - Full SELinux protection with Multi-Category Security 
 #	           (mls, but only one sensitivity level)
-SELINUXTYPE=strict
+SELINUXTYPE=mcs