Implement service teardown
Whenever services are rescheduled (even with our silly static scheduler), we are going to leave services behind: right now, the automation can only turn down unneeded Docker containers.
But the recent addition of "systemd_services" to the service definition spec may allow us to do the same for systemd services defined by our Ansible roles.
Note: this still won't handle services that are removed (unlike for Docker containers, the list of system-built-in systemd services is large and we can't detect those that "should not be there" easily)... that might require some sort of tombstone feature instead.