Comment 1 for bug 1656806

OA is assuming that if a client has security label other than "unconfined", then it's a click and its .application file is only looked for in ~/.local/share/accounts.
We should look in all XDG data dirs.