lock-util: do not expect EACCES when it cannot happen

lock-util: do not expect EACCES when it cannot happen

As per the documentation, EACCES is only returned when F_SETLK is
used, and only on some platforms, which doesn't seem to include
Linux:

https://github.com/torvalds/linux/blob/master/fs/locks.c

F_OFD_SETLK is documented to only return EAGAIN, and F_SETLKW/F_OFD_SETLKW
are blocking operations so this logic doesn't apply to them in the
first place.

Hence, only automatically convert EACCES into EAGAIN for F_SETLK
operations, and propagate the original error in the other cases.

This is important because in some cases we catch permission errors
and gracefully fallback, which is not possible if the original error
is lost.

This is an issue in practice because, due to a kernel bug present
before v6.2, AppArmor denies locking on file descriptors to LXC
containers. We support all currently maintained LTS kernels,
including v6.1, where despite a lot of effort and attempts over almost
a year, the bugfix still hasn't been backported, as it is complex and
requires large changes to AppArmor.
On affected kernels, all services running with PrivateNetwork=yes
fail and do not recover, instead of the normal behaviour of gracefully
downgrading to PrivateNetwork=no.

The integration tests in the Debian CI fail due to this issue:

https://ci.debian.net/packages/s/systemd/testing/arm64/46828037/