We have a sha check rather than just readlink as an app in a mount
namespace could have an executable with the same path as an exectuable
on the host system that we trust.
This became overly complicated to solve an issue that didn't exist.
sha(/proc/PID/exe) does resolve to what is currently running even if
sha(readlink(/proc/PID/exe) does not as /proc is magic.
This patch compares the root file system as kwin sees it to the running
See later comments on D22571