Install and run firewalld for CI's firewalld tests

The github action running bake expected FIREWALLD to be set, but
DOCKER_FIREWALLD was set instead, so firewalld wasn't installed
in the dev image.

The dind-systemd script expected DOCKER_FIREWALLD to be set if it
needed to run firewalld, and it was. But it had no effect.

In CI, bake builds the image then make runs it - and the use the
same env. So, align on FIREWALLD (as it's not a docker feature).

Signed-off-by: Rob Murray <rob.murray@docker.com>

hack/dind-systemd

@@ -66,7 +66,7 @@ fi
 # Allow connections coming from the host (through eth0). This is needed to
 # access the daemon port (independently of which port is used), or run a
 # 'remote' Delve session, etc...
-if [ "${DOCKER_FIREWALLD:-}" = "true" ]; then
+if [ "${FIREWALLD:-}" = "true" ]; then
 	cat > /etc/firewalld/zones/trusted.xml << EOF
 <?xml version="1.0" encoding="utf-8"?>
 <zone target="ACCEPT">
@@ -83,7 +83,7 @@ env > /etc/docker-entrypoint-env
 cat > /etc/systemd/system/docker-entrypoint.target << EOF
 [Unit]
 Description=the target for docker-entrypoint.service
-Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ "${DOCKER_FIREWALLD:-}" = "true" ] && echo firewalld.service)
+Requires=docker-entrypoint.service systemd-logind.service systemd-user-sessions.service $([ "${FIREWALLD:-}" = "true" ] && echo firewalld.service)
 EOF
 
 quoted_args="$(printf " %q" "${@}")"