syz-cluster: better approaches to focus the fuzzer

[a-nogikh]

Currently, during patch fuzzing we set up the following focus areas as follows:

1. Symbols whose hashes have changed (weight 6): symbols
2. Files that have been modified by the patch set (weight 3): files
3. Everything else (weight 1)

The approach breaks when the patch set affects both hot and relatively cold symbols - in that case, group 1 matches pretty much the whole corpus, which means we really have no focus anymore.

Here's an example:
https://ci.syzbot.org/series/482a4320-cc3f-465f-93d2-8db32137c5f6
https://ci.syzbot.org/sessions/07deb410-5d91-43a1-9952-b98f4a7b702f/test_logs?name=%5bKASAN%5d%20Fuzzing

Towards the end of the fuzzing session, we have

  "corpus": 22669,
  "corpus [files]": 19569,
  "corpus [symbols]": 17821,

---

Possible approaches to solve it:

1. Add each symbol to its own focus area. Then, the fuzzer's attention will be evenly split between the programs that cover each of the modified symbols. However, this will require some refactoring of pkg/corpus and pkg/manager to support it, since we sometimes have hundreds of differing symbols.
2. Set focus areas only after the corpus has been triaged. Then, we can probe how many corpus programs cover each of the modified symbols, and only pick those that are covered by the minority of corpus programs.
3. Use a different seed selection approach. If we switch to a seed selection that favors less frequently covered PCs, we won't need anything else as fuzzer will automatically balance hot and cold PCs.