Don't use --remove when running systemd-tmpfiles.

Running systemd-tmpfiles(8) with the --remove option after modifying
the tmpfiles.d configuration, is apparently a bad idea.  There are
several packages distributing tmpfiles.d entries of type "D" that put
critical files in those directories.

E.g, Fail2Ban has a type "D" entry for /run/fail2ban.  Running
'systemd-tmpfiles --remove' will empty that directory, removing the
communication socket located there.  it then becomes impossible to
get status from the Fail2Ban daemon, or tell it to flush its logs
(which lograte(8) does).

Thus, change systemd::tmpfiles to use only the --create and --clean
options after it has updated config files in /etc/tmpfiles.d.