arm/optee-client: fix systemd service dependencies

udev starts tee-supplicant once optee has been found.
Fix dependencies in systemd service so that starting it in
initrd is possible. Stopping requires that ftpm
kernel module is disabled or any TPM related actions will fail until
the next reboot so working around these in the service file. These
are limitations of current kernel optee and ftpm drivers.

tpm2.target requires systemd 256 or newer. With older system version
there is no simple way to queue in service before TPM device is
available.

https://www.freedesktop.org/software/systemd/man/devel/systemd.special.html#tpm2.target

Note that
https://www.freedesktop.org/software/systemd/man/devel/systemd-tpm2-generator.html
detects TPM support from either existing kernel driver (built in or
loaded really early in initrd and rootfs boot) or ACPI table entry for
TPM device. If firmware used a TPM device but doesn't provide ACPI table
entry for it, then a kernel patch has been proposed to expose this to
userspace:

https://lore.kernel.org/lkml/20240422112711.362779-1-mikko.rapeli@linaro.org/

and matching change proposal for systemd:

https://github.com/systemd/systemd/pull/32400

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>

meta-arm/recipes-security/optee/optee-client/tee-supplicant@.service

@@ -1,10 +1,12 @@
 [Unit]
 Description=TEE Supplicant on %i
+DefaultDependencies=no
+After=dev-%i.device
+Wants=dev-%i.device
+Conflicts=shutdown.target
+Before=tpm2.target sysinit.target shutdown.target
 
 [Service]
-User=root
 EnvironmentFile=-@sysconfdir@/default/tee-supplicant
 ExecStart=@sbindir@/tee-supplicant $OPTARGS
-
-[Install]
-WantedBy=basic.target
+ExecStop=-/bin/sh -c "/sbin/modprobe -v -r tpm_ftpm_tee ; /bin/kill $MAINPID"