package_*_removed removes too many packages on RHEL

[comps]

Description of problem:

For example package_gssproxy_removed actually does:

================================================================================
 Package              Arch       Version            Repository             Size
================================================================================
Removing:
 gssproxy             x86_64     0.8.4-4.el9        @beaker-BaseOS        260 k
Removing dependent packages:
 beakerlib            noarch     1.29.3-1.el9       @beaker-harness       454 k
 beakerlib-redhat     noarch     1-35.el9           @beaker-harness        22 k
Removing unused dependencies:
 bc                   x86_64     1.07.1-14.el9      @beaker-BaseOS        226 k
 keyutils             x86_64     1.6.1-4.el9        @beaker-BaseOS        141 k
 libev                x86_64     4.33-5.el9         @beaker-BaseOS        106 k
 libtirpc             x86_64     1.3.2-1.el9        @beaker-BaseOS        203 k
 libverto-libev       x86_64     0.3.2-3.el9        @beaker-BaseOS         16 k
 nfs-utils            x86_64     1:2.5.4-10.el9     @beaker-BaseOS        1.2 M
 python3-lxml         x86_64     4.6.5-2.el9        @beaker-AppStream     4.2 M
 python3-pyyaml       x86_64     5.4.1-6.el9        @beaker-BaseOS        673 k
 quota                x86_64     1:4.06-6.el9       @beaker-BaseOS        711 k
 quota-nls            noarch     1:4.06-6.el9       @beaker-BaseOS        273 k
 rpcbind              x86_64     1.2.6-2.el9        @beaker-BaseOS        112 k
 time                 x86_64     1.9-18.el9         @beaker-BaseOS         87 k
 yum-utils            noarch     4.0.24-4.el9_0     @beaker-BaseOS         23 k

removing many packages important for OS functionality. Some of these may be packages installed by other rules (nfs-utils?).

Please change the remediations to always call dnf with --noautoremove, ie.

dnf remove --noautoremove package1 package2 ...

SCAP Security Guide Version:

master @ dbf309d

Operating System Version:

RHEL

Additional Information/Debugging Steps:

Discovered this on RHEL-9.0 because STIG remediation would break our tests by removing python-pyyaml, but looking at the package list, many other beakerlib-based tests would be broken too. However that's a separate issue that --noautoremove won't fix (hard dependency on gssproxy).