added guardrails on enabled and state flags to systemd mask tasks#435

Open
numericillustration wants to merge 2 commits into ansible-lockdown:devel from numericillustration:devel
Conversation

@numericillustration
Contributor

Overall Review of Changes:
I added guardrails on enabled and state flags to systemd mask tasks to only disable and stop when the package is installed, otherwise just mask to prevent the service from ever starting should it get installed at a later time. This allows hardening to proceed when the service doesn't exist but masking has been requested. Otherwise the playbook run will fail at a step when the service which comes with the package doesn't already exist.

NOTE that I found this method already done in the RHEL7 version of these mask tasks.

Issue Fixes:
this fixes #434

Enhancements:
This fixes the same issue for all the other mask tasks for which there are not bugs filed

How has this been tested?:

example testing scenario: net-snmp is not installed:

[michael.hicks@ams101-0212-h04-lab ~]$ rpm -qa | grep net-snmpd
[michael.hicks@ams101-0212-h04-lab ~]$
[michael.hicks@ams101-0212-h04-lab ~]$ sudo systemctl status snmpd
Unit snmpd.service could not be found.

run CIS hardening scoped to this tag and see output note change

TASK [../roles/RHEL9-CIS : 2.1.14 | PATCH | Ensure snmp services are not in use | Mask service] *****************************************************
Wednesday 04 March 2026  11:08:30 -0800 (0:00:00.062)       0:00:20.098 *******
changed: [ams101-0212-h04-lab]

and the rest of the tasking continues rather than an error. Final state on host is that the service is masked despite the package not being installed:

[michael.hicks@ams101-0212-h04-lab ~]$ rpm -qa | grep net-snmpd
[michael.hicks@ams101-0212-h04-lab ~]$ sudo systemctl status snmpd
○ snmpd.service
     Loaded: masked (Reason: Unit snmpd.service is masked.)
     Active: inactive (dead)
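The guard described above, written out as an added example task pair (this is not the PR's own diff, which is not shown on this page). It assumes the role has package facts available in `ansible_facts.packages` and that `snmpd` ships in a package named `net-snmp`; the task name follows the format seen in the test output.

```yaml
# Added example, not the PR's diff. Assumes ansible_facts.packages is
# populated and that the snmpd unit ships in the 'net-snmp' package.
- name: "2.1.14 | PATCH | Ensure snmp services are not in use | Gather package facts"
  ansible.builtin.package_facts:
    manager: auto

- name: "2.1.14 | PATCH | Ensure snmp services are not in use | Mask service"
  ansible.builtin.systemd:
    name: snmpd
    # Only pass enabled/state when the package (and so the unit) is present.
    # 'omit' drops the parameter entirely, so the module never runs
    # 'systemctl disable' or 'systemctl stop' against a unit that does not
    # exist, which is the step that made the play fail before.
    enabled: "{{ false if 'net-snmp' in ansible_facts.packages else omit }}"
    state: "{{ 'stopped' if 'net-snmp' in ansible_facts.packages else omit }}"
    # Masking does not need the unit to exist: it creates the /dev/null
    # symlink, so the service can never start if the package is installed
    # later (the "Loaded: masked" state shown in the test output above).
    masked: true
```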

…only disable and stop when the package is installed, otherwise just mask to prevent the service from ever starting should it get installed at a later time. This allows hardening to proceed when the service doesn't exist but masking has been requested. Otherwise the playbook run will fail at a step when the service which comes with the package doesn't already exist

Signed-off-by: Michael Hicks <[email protected]>

Successfully merging this pull request may close these issues.

2.1.14 Mask service requires service to exist but masks anyway
