data: Tighten up systemd sandboxing of accounts-daemon.service

Tighten up the sandboxing of the daemon, paying particular attention to
file system access. Further work could be done to make the daemon run as
a non-root user (User=/Group=/DynamicUser=), drop capabilities
(CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=).

This is a reasonable starting point, though. It has been tested with
adding, modifying and deleting users, and reading/writing user extension
data. Testing was done on a Fedora and a Debian-based system.

The useradd/userdel/usermod subprocesses require a lot of permissions
which the accounts-service daemon itself doesn’t. In future, it might
make sense to run them in a separate privilege-escalated sandbox, and
further restrict the permissions of the accounts-service daemon itself.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
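As an added illustration (not the drop-in from this merge request, and not accounts-service's own unit file), the following systemd drop-in shows the kind of file-system sandboxing the commit message describes, with the future-work directives it names (User=/DynamicUser=, CapabilityBoundingSet=, SystemCallFilter=) left commented out. The path list and the capability set are assumptions about what useradd/usermod/userdel need on a typical Fedora or Debian system; verify them against your own distribution before enabling.

```ini
# Hypothetical drop-in: /etc/systemd/system/accounts-daemon.service.d/hardening.conf
# Illustrative example only; not the directives merged in !22.
[Service]
# File system: mount everything read-only, then punch holes only where the
# daemon or its useradd/usermod/userdel children must write.
# (Assumed paths: add /var/log and /var/spool/mail if your useradd touches
# lastlog/faillog or creates mail spools.)
ProtectSystem=strict
ReadWritePaths=/var/lib/AccountsService /etc /home
# useradd creates home directories, so /home must stay visible and writable.
ProtectHome=no
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
# D-Bus and NSS lookups use AF_UNIX; relax this if NSS resolves users over the
# network (e.g. an LDAP backend without a local caching daemon).
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=no
LockPersonality=yes
MemoryDenyWriteExecute=yes

# Still root: the useradd/userdel/usermod subprocesses run in-process with the
# daemon's privileges, so User=/DynamicUser= cannot be set yet.
# Future work named in the commit message (assumed capability set, untested):
#CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_SETUID CAP_SETGID
#SystemCallFilter=@system-service
#SystemCallErrorNumber=EPERM
```

After `systemctl daemon-reload`, `systemd-analyze security accounts-daemon.service` reports the exposure score and lists which of these directives are in effect; re-run the add/modify/delete and extension-data tests the commit message mentions, since a too-tight ReadWritePaths= or RestrictAddressFamilies= shows up as a failed useradd rather than a daemon crash.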

!22
Pipeline: 1 job for master, 1 minute 15 seconds.

Stage: Test. Job: build-fedora (#286676), status passed, duration 00:01:15.