Revert "execute: Call capability_ambient_set_apply even if ambient set is 0"

Revert "execute: Call capability_ambient_set_apply even if ambient set is 0"

With ambient capabilities being dropped at the start of process managers
(both system and user) as well as systemd-executor it isn't necessary
to drop them here. Moreover, at this point also the inheritable set can
be preserved. This makes it possible to assign a user session manager
inheritable capabilities which combined with file capabilites (ei sets)
of service executables enable running user services with capabilities
but only when started by the manager.

This reverts commit 943800f4e7728feb2416dd57b8c296614497b94f.

Change-Id: I479f6268373ac8b0772f9ac56dd52f45e6003705
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Forwarded: https://github.com/systemd/systemd/pull/32937