archwiki: apply systemd hardening

roles/archwiki/templates/archwiki-prune-cache.service.j2

@@ -7,5 +7,15 @@ User={{ archwiki_user }}
 WorkingDirectory={{ archwiki_dir }}
 ExecStart=/usr/bin/php {{ archwiki_dir }}/public/maintenance/pruneFileCache.php -q --agedays 1
 
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
 [Install]
 WantedBy=multi-user.target