pam-arch: Drop pam_faillock counting from fingerprint and smartcard

As mentioned in an fprintd issue comment, we need to make sure that the stack's error status is taken from the main auth module, i.e. pam_fprintd, otherwise GDM will not behave correctly.

Still use pam_faillock preauth so that we test whether the account is locked, but don't use authfail/authsucc to log a failure/success so this stack doesn't participate in triggering the lock.

Ideally we would check which return values we actually want to treat as a reason to lock the account (e.g. fingerprint mismatch) and which are neutral (e.g. no fingerprints enrolled), but that's much more effort.

Should fix FS#71750.

Has been applied downstream since 2021-08-31.