Move unconfined_domain(sap_unconfined_t) to an optional block

This policy statement needs to be in an optional block for cases
when the unconfined module is disabled or removed.

Resolves: RHEL-37663

policy/modules/contrib/sap.te

@@ -4,10 +4,13 @@ type sap_unconfined_t;
 type sap_exec_t;
 files_type(sap_exec_t);
 init_daemon_domain(sap_unconfined_t, sap_exec_t)
-unconfined_domain(sap_unconfined_t)
 
 #type sap_tmp_t;
 #files_tmp_file(sap_tmp_t);
 #manage_dirs_pattern(sap_unconfined_t, sap_tmp_t, sap_tmp_t)
 #manage_files_pattern(sap_unconfined_t, sap_tmp_t, sap_tmp_t)
 #files_tmp_filetrans(sap_unconfined_t, sap_tmp_t, { dir file })
+
+optional_policy(`
+	unconfined_domain(sap_unconfined_t)
+')