units: use SuccessExitStatus to ignore syntax errors in tmpfiles

This makes sense from the point of view of the whole distribution:
if there are some specific files that have syntax problems, or unknown
users or groups, or use unsupported features, failing the whole service
is not useful.

In particular, services with tmpfiles --boot should not be started after boot.
The premise of --boot is that there are actions which are only safe to do once
during boot, because the state evolves later through other means and re-running
the boot-time setup would destroy it. If services with --boot fail in the
initial transaction, they would be re-run later on when a unit which
(indirectly) depends on them is started, causing problems.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1507501.

(If we had a mode where a service would at most run once, and would not be
started in subsequent transactions, that'd be a good additional safeguard.
Using ExecStart=-... is a bit like that, but it causes all failure to be
ignored, which is too big of a hammer.)

units/systemd-tmpfiles-clean.service.in

@@ -18,4 +18,5 @@ Before=shutdown.target
 [Service]
 Type=oneshot
 ExecStart=@rootbindir@/systemd-tmpfiles --clean
+SuccessExitStatus=65
 IOSchedulingClass=idle

units/systemd-tmpfiles-setup-dev.service.in

@@ -20,3 +20,4 @@ ConditionCapability=CAP_SYS_MODULE
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootbindir@/systemd-tmpfiles --prefix=/dev --create --boot
+SuccessExitStatus=65

units/systemd-tmpfiles-setup.service.in

@@ -20,3 +20,4 @@ RefuseManualStop=yes
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=@rootbindir@/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
+SuccessExitStatus=65