[antlir2][rpm] set SYSTEMD_OFFLINE env var

Summary:
S597085 introduced a fallback path where sometimes `/proc` as seen from rpm
scriptlets is actually that of the host and not the antlir2 lightweight
container. In these cases, `/proc/1/comm` indicates itself as `systemd`, in
which case some `systemctl` command used in rpm scriptlets try to contact pid1
over dbus. That doesn't work in the container, but if we just set this
`SYSTEMD_OFFLINE=1` env var,

Test Plan:
```name="Force the fallback path"
❯ hg diff
 diff --git a/fbcode/antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/isolation.rs b/fbcode/antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/isolation.rs
 --- a/fbcode/antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/isolation.rs
+++ b/fbcode/antlir/antlir2/antlir2_isolate/isolate_unshare/isolate_unshare_preexec/src/isolation.rs
@@ -334,27 +334,27 @@
         Err(e) => Err(e),
     }?;

-    match nix::mount::mount(
-        None::<&str>,
+    // match nix::mount::mount(
+    //     None::<&str>,
+    //     &newroot.open_dir("proc")?.abspath(),
+    //     Some("proc"),
+    //     MsFlags::MS_NOSUID | MsFlags::MS_NOEXEC | MsFlags::MS_NODEV,
+    //     None::<&str>,
+    // ) {
+    //     Ok(()) => Ok(()),
+    //     Err(nix::errno::Errno::EPERM) => {
+    warn!("got EPERM while mounting /proc - attempting a bind mount instead");
+    mount(
+        Some("/proc"),
         &newroot.open_dir("proc")?.abspath(),
-        Some("proc"),
-        MsFlags::MS_NOSUID | MsFlags::MS_NOEXEC | MsFlags::MS_NODEV,
         None::<&str>,
-    ) {
-        Ok(()) => Ok(()),
-        Err(nix::errno::Errno::EPERM) => {
-            warn!("got EPERM while mounting /proc - attempting a bind mount instead");
-            mount(
-                Some("/proc"),
-                &newroot.open_dir("proc")?.abspath(),
-                None::<&str>,
-                MsFlags::MS_BIND | MsFlags::MS_REC,
-                None::<&str>,
-            )
-            .context("while bind-mounting /proc")
-        }
-        Err(e) => Err(e).context("while mounting /proc"),
-    }?;
+        MsFlags::MS_BIND | MsFlags::MS_REC,
+        None::<&str>,
+    )
+    .context("while bind-mounting /proc")?;
+    //     }
+    //     Err(e) => Err(e).context("while mounting /proc"),
+    // }?;
```

```name="A previously failing postscript now passes"
❯ buck2 build --show-output fbcode//os_foundation/images/impl:base.os.nochef
Buck UI: https://www.internalfb.com/buck2/d0aa6686-81e1-4c82-a4a4-f002e54c5e77
BUILD SUCCEEDED
fbcode//os_foundation/images/impl:base.os.nochef buck-out/v2/gen/fbcode/8f286f42c60e7868/os_foundation/images/impl/__base.os.nochef__/compile/subvol_symlink
```

Reviewed By: justintrudell

Differential Revision: D89905750

fbshipit-source-id: 5e14e0fc497fcbbafde2c92189c8d36f3ab1acf4

Author: vmagro

antlir/antlir2/features/rpm/rpm.rs

@@ -602,6 +602,12 @@ fn run_dnf_driver(
         // discourage systemd-tmpfiles postscripts from creating nested subvols,
         // since antlir does not handle that very nicely
         .setenv(("SYSTEMD_TMPFILES_FORCE_SUBVOL", "0"))
+        // Discourage systemd from trying to contact pid1 over dbus and do
+        // offline operations implicitly (where possible obviously)
+        // This is only relevant in the /proc fallback case from S597085,
+        // otherwise pid1 does not appear to be systemd at all and this is
+        // already the behavior that systemd would have had
+        .setenv(("SYSTEMD_OFFLINE", "1"))
         .build();
     if ctx.is_planning() {
         isol.inputs((Path::new("/__antlir2__/root"), root.deref()))