Booting up an image with --volatile=yes otherwise looks so naked, so
let's include this file in the default factory too. It's common and
simple and should be safe to ship.
Apparently PAM reacts differently on different systems (?) and if no
authoritative matching module is found, it might either succeed or fail,
depending on the system.
Let's lock this down explicitly, by hooking in pam_deny.so.
Of course, these PAM files are just examples, and no distro in its right
mind would ship these unmodified, but let's default to something safe.
Fixes: #12950
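
As an added illustration (not part of the commit and not systemd code), this Python sketch classifies how each management group's stack in a PAM service file ends, so a stack with no authoritative final module can be flagged before an image ships. The two sample files and the verdict names are constructed for this example.

```python
import re

# One rule of a /etc/pam.d/<service> file: [-]type, control, module path.
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
AUTHORITATIVE = {"required", "requisite"}

def classify_stacks(text):
    """Map each management group to a verdict on the last rule of its stack."""
    last = {}
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            # keep only the final rule seen for each group
            last[m.group(1)] = (m.group(2), m.group(3).rsplit("/", 1)[-1])
    verdict = {}
    for group, (control, module) in last.items():
        if control in ("include", "substack"):
            verdict[group] = "delegated"        # decided in another file
        elif control in AUTHORITATIVE and module == "pam_deny.so":
            verdict[group] = "deny-terminated"  # explicit fail-closed end
        elif control in AUTHORITATIVE:
            verdict[group] = "authoritative"
        else:
            verdict[group] = "open-ended"       # sufficient/optional/[...] last
    return verdict

# Constructed sample: nothing authoritative decides if pam_unix.so does not succeed.
BEFORE = """\
auth      sufficient  pam_unix.so
account   sufficient  pam_unix.so
-session  optional    pam_systemd.so
session   required    pam_unix.so
"""

# Constructed sample: the same stacks closed explicitly with pam_deny.so.
AFTER = """\
auth      sufficient  pam_unix.so
auth      required    pam_deny.so
account   sufficient  pam_unix.so
account   required    pam_deny.so
-session  optional    pam_systemd.so
session   required    pam_unix.so
"""

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, classify_stacks(sample))
```
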
Stupid PAM, please just go away!
login[26]: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
login[26]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
login[26]: Error in service module