condition: Check that subsystem is enabled in ConditionSecurity=tpm2
Instead of succeeding when either the firmware reports a TPM device
or we find a TPM device, let's check that the firmware reports a TPM
device and the TPM subsystem is enabled in the kernel.
To check whether the subsystem enabled, we check if the relevant
subdirectory in /sys exists at all.
(cherry picked from commit 300bba79c22e4be1effe2faad0e59ac725d396a1)