Hooks are not included in slot/plug label expressions

Bug #1851480 reported by glancr team
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| snapd | Fix Released | High | Paweł Stołowski | |

Bug Description

Expected behavior:
If my snap's snapcraft.yaml plugs a scoped interface for a given hook, the hook should be able to access resources provided by this interface.

Actual behavior:
The hook fails with AppArmor denials.

## Context
Hooks do not get access to interfaces if snapd's AppArmor rules for this interface are scoped with security tags. The root cause is that `builtin.AppLabelExpr` only accepts a map of app names (where services are a special kind of app). Therefore, `builtin.{plug,slot}AppLabelExpr` only pass a snap's apps and ignore the snap's hooks – even though my snapcraft.yaml contains plug stanzas for my hooks. This results in `/var/lib/snapd/apparmor/profiles/snap.network-manager.network-manager` containing allowance rules for snap.mysnap.{app1,app2} but not for snap.mysnap.hook.<hook-name>. This causes any interface access within the corresponding hook to fail with AppArmor denials, thus rendering hooks unusable if they require this interface.

Relevant parts of rule generation (exemplary for NM Introspectable):
https://github.com/snapcore/snapd/blob/aebfc2b83d7ac3ec49ff6811ddf8bc8c4c93b92d/interfaces/builtin/network_manager.go#L471

https://github.com/snapcore/snapd/blob/3bf8026a337df1a1c6ed54117fede52e64a786ef/interfaces/builtin/dbus.go#L152

## Reproducing
My snap requires access to the network-manager interface during its post-refresh hook. My snapcraft.yaml has the following entries (Full source at https://gitlab.com/glancr/mirros-one-snap/blob/1.0.3/snap/snapcraft.yaml):

```
hooks:
  install:
    plugs: [network, network-bind]
  post-refresh:
    plugs: [network, network-manager]
  connect-plug-network-manager:
    plugs: [network-manager]
```

Full debugging log: https://paste.ubuntu.com/p/pq29pv6zK8/
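
The gap described in the report, modelled as an added example (this is not snapd's code and not part of the original report): a label expression built from app names alone never matches a hook's security tag, while one built from apps and hooks does. The functions `labelExpr` and `covers` are hypothetical; the snap, app and hook names are the ones used in the report.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// labelExpr is a simplified, hypothetical model (not snapd's code) of a label
// expression built from security tags: apps are "snap.<snap>.<app>", hooks are
// "snap.<snap>.hook.<hook>". Passing nil hooks models the reported behaviour.
func labelExpr(snapName string, apps, hooks []string) string {
	tags := append([]string(nil), apps...)
	for _, h := range hooks {
		tags = append(tags, "hook."+h)
	}
	sort.Strings(tags)
	if len(tags) == 1 {
		return "snap." + snapName + "." + tags[0]
	}
	return "snap." + snapName + ".{" + strings.Join(tags, ",") + "}"
}

// covers reports whether expr (as produced by labelExpr) matches a security tag.
func covers(expr, tag string) bool {
	open := strings.Index(expr, "{")
	if open < 0 {
		return expr == tag
	}
	if !strings.HasSuffix(expr, "}") || !strings.HasPrefix(tag, expr[:open]) {
		return false
	}
	for _, alt := range strings.Split(expr[open+1:len(expr)-1], ",") {
		if alt == tag[open:] {
			return true
		}
	}
	return false
}

func main() {
	apps := []string{"app1", "app2"} // sample names taken from the report
	hooks := []string{"post-refresh", "connect-plug-network-manager"}
	tag := "snap.mysnap.hook.post-refresh"
	before := labelExpr("mysnap", apps, nil)  // apps only, as reported
	after := labelExpr("mysnap", apps, hooks) // apps and hooks
	fmt.Println(before, covers(before, tag))
	fmt.Println(after, covers(after, tag))
}
```

The same `covers` check can be pointed at a label expression copied from a generated profile to confirm whether a hook's tag is included.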

John Lenton (chipaca)
Changed in snapd:
status: New → Confirmed
John Lenton (chipaca)
Changed in snapd:
assignee: nobody → glancr team (glancr)
Changed in snapd:
assignee: glancr team (glancr) → Paweł Stołowski (stolowski)
Changed in snapd:
status: Confirmed → In Progress
importance: Undecided → High
Michael Vogt (mvo) wrote :

This will be fixed in the 2.43 release.

Changed in snapd:
status: In Progress → Fix Committed
Zygmunt Krynicki (zyga) wrote :

Hooks are now included in plug/slot expressions and 2.43 has been released to stable a while ago. Marking as fix released.

Changed in snapd:
milestone: none → 2.43
status: Fix Committed → Fix Released