buildsys: make libpam-zfs a separate package

ZFS includes (since 2.0.0) a pam-module, which takes the login
credentials of an user to unlock their home-dataset.

Enabling it in its current state can cause some side-effects like
prompting for a password when running `su` as root (see [0]).

Our update to ZFS 2.0.0 shipped the pam config in zfsutils-linux,
whereas debian-upstream split it out into its own optional package

This commit adopts this change.
based on debian-upstream [1] commit
cad2f3d24aa44cfdce1e2eae8b6ba027efaba2d6

The issue becomes apparent by installing the current zfsutils-linux
package and running `pam-auth-update --package` (e.g. by installing
an upgraded libpam-runtime package).

[0] https://github.com/openzfs/zfs/issues/11222
[1] https://salsa.debian.org/zfsonlinux-team/zfs/

Reported-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Originally-by: Antonio Russo <aerusso@aerusso.net>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

debian/control

@@ -5,6 +5,8 @@ Maintainer: Proxmox Support Team <support@proxmox.com>
 Build-Depends: debhelper (>= 10~),
                dh-python,
                libblkid-dev,
+               libelf-dev,
+               libpam0g-dev,
                libssl-dev | libssl1.0-dev,
                libtool,
                lsb-release,
@@ -30,6 +32,18 @@ Description: Solaris name-value library for Linux
  transporting data across process boundaries, transporting between
  kernel and userland, and possibly saving onto disk files.
 
+Package: libpam-zfs
+Section: contrib/admin
+Architecture: linux-any
+Depends: libpam-runtime, ${misc:Depends}, ${shlibs:Depends}
+Description: PAM module for managing encryption keys for ZFS
+ OpenZFS is a storage platform that encompasses the functionality of
+ traditional filesystems and volume managers. It supports data checksums,
+ compression, encryption, snapshots, and more.
+ .
+ This provides a Pluggable Authentication Module (PAM) that automatically
+ unlocks encrypted ZFS datasets upon login.
+
 Package: libuutil2linux
 Section: contrib/libs
 Architecture: linux-any

debian/libpam-zfs.install

@@ -0,0 +1,2 @@
+lib/*/security/pam_zfs_key.so
+usr/share/pam-configs/zfs_key

debian/libpam-zfs.postinst

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+pam-auth-update --package
+
+#DEBHELPER#

debian/libpam-zfs.prerm

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = remove ] ; then
+    pam-auth-update --package --remove zfs_key
+fi
+
+#DEBHELPER#

debian/zfsutils-linux.install

@@ -2,7 +2,6 @@
 etc/default/zfs
 etc/zfs/zfs-functions
 etc/zfs/zpool.d/
-lib/*/security/pam_zfs_key.so
 lib/systemd/system-preset/
 lib/systemd/system/zfs-import-cache.service
 lib/systemd/system/zfs-import-scan.service
@@ -119,4 +118,3 @@ usr/share/man/man8/zpoolconcepts.8
 usr/share/man/man8/zpoolprops.8
 usr/share/man/man8/zstream.8
 usr/share/man/man8/zstreamdump.8
-usr/share/pam-configs/zfs_key