Disable update-engine.service

There is a race condition between systemd and device policy manager.
Confidential VM makes systemd units slower so that policy manager
finishes its work before update-engine.service is initiated and enabled
resulting in unexpected OS update.

Device policy manager can enable update-engine.service if the metadata
for disabling auto-update is not set. So we should disable
update-engine.service in systemd and let device policy manager controls
it.

BUG=b/335549105
TEST=presubmit and validation tests
RELEASE_NOTE=None

Change-Id: Ib3e1fb29ae02ca44f75ad0be20c361ef65bb91d0
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/chromiumos-overlay/+/72597
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
3 files changed