adding -nolisten local to X startup, to allow for better gui isolation.

[pixel fairy]

As explained here, https://github.com/netblue30/firejail/issues/770 adding '-nolisten local' allows for easily isolating x11 or sandboxing an app from it. i cant see any advantage to having both the unix domain socket and the abstract socket. 

this should be upstream. but, that change would take longer, if it even makes it through their bureaucracies.

example, a text based irc client shouldnt take screen shots in the background.