sandboxing: Use CapabilityBoundingSet=
Adding to the work from !22 (merged), systemd’s CapabilityBoundingSet= key could be used in data/accounts-daemon.service.in to limit which kernel capabilities the accounts-service daemon gets. Currently, the set is unlimited.

Any restrictions here would need to be mindful of the fact that accounts-service spawns processes like usermod as subprocesses, which might require elevated capabilities.
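Added helper (not from the accountsservice project) for checking a candidate allowlist: it decodes the bounding set a running daemon actually has from the CapBnd line of /proc/<pid>/status, and reports which capabilities an allowlist would withhold from spawned helpers, since a child process can never hold a capability outside its parent's bounding set. The constructed status lines and the NEEDED_BY_USERMOD set are assumptions for illustration, not measured requirements of usermod.

```python
"""Decode a daemon's capability bounding set from /proc/<pid>/status and
check a candidate CapabilityBoundingSet= allowlist against what a spawned
helper such as usermod is assumed to need."""

# Capability bit numbers from the kernel's capability.h: list index == bit.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumed (illustrative) set of capabilities a usermod child might need,
# e.g. for rewriting passwd/shadow and moving a home directory.
NEEDED_BY_USERMOD = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER",
                     "CAP_FSETID", "CAP_SETGID", "CAP_SETUID"}

def decode_mask(hex_mask: str) -> set[str]:
    """Turn a CapBnd/CapEff hex mask from /proc/<pid>/status into names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}

def bounding_set_from_status(status_text: str) -> set[str]:
    """Extract and decode the CapBnd line of a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        if line.startswith("CapBnd:"):
            return decode_mask(line.split()[1])
    raise ValueError("no CapBnd line found")

def missing_for_helper(allowlist: set[str], needed: set[str]) -> set[str]:
    """Capabilities the helper needs that the allowlist would drop."""
    return needed - allowlist

def directive(allowlist: set[str]) -> str:
    """Render the allowlist as a CapabilityBoundingSet= line for the unit."""
    return "CapabilityBoundingSet=" + " ".join(sorted(allowlist))

# Constructed samples: an unrestricted daemon (all 41 bits set) and one
# confined to the six capabilities above (bits 0,1,3,4,6,7 -> 0xdb).
STATUS_UNRESTRICTED = "Name:\taccounts-daemon\nCapBnd:\t000001ffffffffff\n"
STATUS_CONFINED = "Name:\taccounts-daemon\nCapBnd:\t00000000000000db\n"
```

Read the real file with `open(f"/proc/{pid}/status").read()` in place of the constructed strings to check a deployed unit.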