[cern] Don't relabel /var/lib/kubelet in kubelet.service unit

CSI volume mounts used by Pods live under:

• /var/lib/kubelet/plugins/kubernetes.io/csi/pv/<PV>/globalmount
• /var/lib/kubelet/pods/<POD>/volumes/kubernetes.io~csi/<PV>/mount

If the filesystem of the mounted volume doesn't support xattrs (e.g. FUSE), relabeling fails, and podman run exits with error.

/var/lib/kubelet may still need to be relabeled, but maybe we can do this at node creation time?

Closes: #19 (closed)