fix(linux/xdgportal): Improve multi-monitor support and work around breaking kmsgrab

[Kishi85]

Description

Follow up to #4931 that adds a few safety checks to selected pipewire streams and also re-adds the stream sorting by position that was lost during the final commit restructuring of said PR.

It also changes how finalizing portal security is done (dropping CAP_SYS_ADMIN + setting PR_DUMPABLE) to not break kmsgrab by dropping capabilties as before #4931.

Screenshot

Issues Fixed or Closed

• Fixes Can't find GPU or display after latest update version 2026.409.171120 #4968

Roadmap Issues

Type of Change

• feat: New feature (non-breaking change which adds functionality)
• fix: Bug fix (non-breaking change which fixes an issue)
• docs: Documentation only changes
• style: Changes that do not affect the meaning of the code (white-space, formatting, missing semicolons, etc.)
• refactor: Code change that neither fixes a bug nor adds a feature
• perf: Code change that improves performance
• test: Adding missing tests or correcting existing tests
• build: Changes that affect the build system or external dependencies
• ci: Changes to CI configuration files and scripts
• chore: Other changes that don't modify src or test files
• revert: Reverts a previous commit
• BREAKING CHANGE: Introduces a breaking change (can be combined with any type above)

Checklist

• Code follows the style guidelines of this project
• Code has been self-reviewed
• Code has been commented, particularly in hard-to-understand areas
• Code docstring/documentation-blocks for new or existing methods/components have been added or updated
• Unit tests have been added or updated for any new or modified functionality

AI Usage

• None: No AI tools were used in creating this PR
• Light: AI provided minor assistance (formatting, simple suggestions)
• Moderate: AI helped with code generation or debugging specific parts
• Heavy: AI generated most or all of the code changes

[Kishi85]

@ReenigneArcher would be great to see this in ASAP as I've managed to accidentally remove the stream sorting in my final commit re-structure on #4931 and now the streams are random in the order coming from the portal.

This might also help identifying the issues in #4968

[Kishi85]

Now also fixes kmsgrab by not dropping CAP_SYS_ADMIN earlier than before #4931.

[Kishi85]

@psyke83 Could you Cross-Check if I've missed anything in 4fbad45 ? Looks good on my end for all the usual test cases from #4931 and the issue with probing.

[psyke83]

@Kishi85

Can confirm this resolves the issue with kmsgrab failing to initialize when probed via default capture = auto (or capture unset) case. Aside from that, multi-monitor still looks to be working fine on KDE (GNOME not working is expected), and resolution change + XDG stop still works fine on both KDE and GNOME. Tested with the problematic system_tray = disabled setting and everything is still working fine.

I was thinking that finalize_portal_security() may be better suited with a more generic name and moved to a platform function in misc.cpp just in case other/future capture methods also need dropped capabilities, but that's not important right now, or relevant to this PR. Looks good to me.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud