docker-base: limit systemd-tmpfiles to /run/
In 96a6711 we added re-running systemd-tmpfiles to add files to /run
on the root fs of the container. Here we'll limit where systemd-tmpfiles
puts files by passing it --prefix /var and --prefix /var/run/
(cherry picked from commit 93205adc7d1a7942829f2fd8c9305863e786a490)