aa-notify checks that it can read the selected log file — and aborts if it
can't — before it checks group membership vs. use_group, so in practice setting
use_group is only useful for users who are allowed to read logs but don't want
to see notifications. This seems to be a corner case, easily addressed via
~/.apparmor/notify.conf or by deinstalling apparmor-notify. So let's instead
optimize for a more common use case, i.e. users who can read the logs and want
to see the notifications. This change does not impact the most common use case,
i.e. desktop users who are not allowed to read the logs.