Sounds very good!
These grub default menu entries were implemented.
Please review.
Looked at /boot/grub/grub.cfg which looks good but entirely untested in a live boot for now. I thought this might be a good visualization for discussion.
Let me know if these grub boot menu entries need adjustments to work well with apparmor-profile-everything.
(Also posted here: multiple boot modes for better security: persistent user | live user | persistent secureadmin | persistent superadmin | persistent recovery mode - #34 by Patrick)