virtio-devices: Allow fcntl syscall in release builds

The fcntl syscall was only allowed for virtio device threads in debug
builds (behind #[cfg(debug_assertions)]), causing seccomp violations
in release builds across rng, balloon, net, gpu, fs, and vsock threads.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

virtio-devices/src/seccomp_filters.rs

@@ -318,7 +318,6 @@ fn virtio_thread_common() -> Vec<(i64, Vec<SeccompRule>)> {
         (libc::SYS_rt_sigreturn, vec![]),
         (libc::SYS_sigaltstack, vec![]),
         (libc::SYS_write, vec![]),
-        #[cfg(debug_assertions)]
         (libc::SYS_fcntl, vec![]),
     ]
 }