Harden / verify shipped systemd services
Some of our systemd services just have an ExecStart line so they run as root, while this might not be necessary. Another issue is that this does not apply any security hardening which systemd provides.
Finding task https://pkgbuild.vdwaa.nl/?q=ExecStart&i=nope&files=&repos=
Migrated from: https://kanboard.archlinux.org/project/8/task/106