
Fully unprivileged systemd service #73

Open
@JGoutin

Description

@JGoutin

Currently, we keep the way Fedora is running the service by default but add some sandboxing on it.

But systemd allows running services fully rootless, mainly by using DynamicUser= and socket units.

Notes:

  • Make this optional?
  • There are maybe some issues with socket sharing between services.
  • For each software, check if there are some extra requirements for running them with root.
  • Also use chroot to restrict path accesses? RootDirectory=
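As an added illustration of the approach sketched in the issue (this is example configuration, not a unit shipped by this project): a socket unit that systemd binds on the service's behalf, paired with a service unit that runs under DynamicUser= and, optionally, inside a RootDirectory= chroot. The unit name "example", the port 8080, the binary /usr/bin/example-daemon and its --listen-fd flag, and the chroot path /var/lib/example-root are all assumptions made for the example.

```ini
# example.socket  (added example; names and port are assumed)
[Unit]
Description=Listening socket for the example service

[Socket]
# systemd binds this socket as root and passes the open fd to the service,
# so the service needs no CAP_NET_BIND_SERVICE even for ports below 1024.
ListenStream=0.0.0.0:8080
# Service= defaults to example.service; one socket feeds exactly one service,
# which is why sharing a listener between services needs extra care.

[Install]
WantedBy=sockets.target

# example.service  (added example; binary, flag and chroot path are assumed)
[Unit]
Description=Example service running fully unprivileged
Requires=example.socket
After=example.socket

[Service]
# The daemon is assumed to pick up the inherited socket via LISTEN_FDS
# (sd_listen_fds); --listen-fd is a placeholder for whatever flag it uses.
ExecStart=/usr/bin/example-daemon --listen-fd
# Allocate a transient UID/GID at start; no account in /etc/passwd is needed.
# DynamicUser=yes also implies ProtectSystem=strict, ProtectHome=read-only,
# PrivateTmp=yes, RemoveIPC=yes and NoNewPrivileges=yes.
DynamicUser=yes
# Persistent data must go through these directories: systemd creates them
# and chowns them to the transient user for the lifetime of the service.
StateDirectory=example
LogsDirectory=example
CacheDirectory=example
# Optional chroot (the RootDirectory= idea from the issue). The directory is
# assumed to exist and to carry the /lib and /lib64 entries the dynamic loader
# expects; /usr is bind-mounted read-only so the binary and its libraries
# resolve inside the new root, and MountAPIVFS= supplies /proc, /sys and /dev.
# The leading "-" makes the bind mount optional if the file is absent.
RootDirectory=/var/lib/example-root
MountAPIVFS=yes
BindReadOnlyPaths=/usr -/etc/resolv.conf
# Further reductions that do not depend on DynamicUser=.
CapabilityBoundingSet=
AmbientCapabilities=
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
```

After installing both units, `systemctl enable --now example.socket` starts the listener without starting the daemon, and `systemd-analyze security example.service` reports which exposure remains. Two caveats follow directly from the issue's notes: a transient UID is allocated at every start, so anything the daemon writes outside the *Directory= paths ends up owned by a UID that may later be reused by an unrelated service; and any software that really does need root for some step (device access, raw sockets, privileged ports beyond the one systemd binds) has to be checked case by case before the hardened unit can replace the Fedora default.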


Labels

  • enhancement (New feature or request)
  • security (Related to security hardening)
