Use a seccomp whitelist when the tor daemon is configured to use Bridges.
The seccomp whitelist for the tor sandbox only has the system calls required for the tor daemon itself (based off tor's UseSandbox
implementation). This causes obfs4proxy to not work, so when Bridges are enabled, a rudimentary blacklist is installed instead.
The proper thing to do would be to figure out what systemcalls obfs4proxy needs in addition to the ones in the current whitelist and selective expand the whitelist at runtime based on configuration.