Remove shell automatic domain transitions to unconfined_t from various pam login programs

I think these may have been adopted from the old Red Hat targeted policy (that model only had unconfined users)

Some aspect to note:

1. The ssh_sysadm_login boolean now applies to unconfined_t as well
2. remotelogin only allows unpriv logins

The rshd module also calls unconfined_shell_domtrans() but I ignored that one because that policy currently does not have support for manual transitions with pam_selinux.

Signed-off-by: Dominick Grift <dac.override@gmail.com>

policy/modules/services/remotelogin.te

@@ -91,10 +91,6 @@ optional_policy(`
 	telnet_use_ptys(remote_login_t)
 ')
 
-optional_policy(`
-	unconfined_shell_domtrans(remote_login_t)
-')
-
 optional_policy(`
 	usermanage_read_crack_db(remote_login_t)
 ')

policy/modules/services/ssh.te

@@ -329,10 +329,6 @@ optional_policy(`
 	systemd_dbus_chat_logind(sshd_t)
 ')
 
-optional_policy(`
-	unconfined_shell_domtrans(sshd_t)
-')
-
 optional_policy(`
 	xserver_domtrans_xauth(sshd_t)
 	xserver_link_xdm_keys(sshd_t)

policy/modules/system/locallogin.te

@@ -204,10 +204,6 @@ optional_policy(`
 	systemd_write_inherited_logind_sessions_pipes(local_login_t)
 ')
 
-optional_policy(`
-	unconfined_shell_domtrans(local_login_t)
-')
-
 optional_policy(`
 	usermanage_read_crack_db(local_login_t)
 ')