Use upstream pam systemd-auth file with a patch, add pam_keyinit
This file changes rarely, but it does every one in a while. And since we have an
independent copy, we forget to adjust it. We have had already two bugs because
of this. I submitted a PR upstream to include pam_namespace (because that makes
sense for all distros), so the diff between upstream and us now is just the
inclusion of system-auth (which is not upstreamable).
Effectively, the only difference right now is that 'pam_keyinit force revoke'
is included. It was added upstream with the comment:
We want that systemd --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get
the basic keyring systemd --system sets up for us.