Change `--update-from-host` to not default to setting STORAGE_OPTS

[cgwalters]

--update-from-host setting the default STORAGE_OPTS in the environment is convenient in some respects, but it also has a large blast radius in that it affects everything, including podman. I don't think we want podman images to see all of the host images by default.

The most elegant fix here is a bit complicated:

• Teach bootc to fetch configuration from systemd credentials directly (which requires having bootc at least be a transient service...or maybe we inject for now credentials for the user@0.service?)
• Once we have a scoped credential, change bcvk to inject that instead

---

In the short term, perhaps we change our tmpfiles setup to inject /run/update-from-host.env or so and then one does . /run/update-from-host.env && bootc upgrade ?