feat: enforce server resources limit with systemd on accounts

[ntorga]

We already use systemd and cgroupsv2 to limit the container resource allocation, however, the resource allocation per user is merely an API limitation. We should push these limits to the systemd user slice so that the kernel may prevent users from using too much resources.

This is important but won't have a very high priority because the API limitation should prevent users from abusing too much AND users aren't allowed to access SSH or run things directly on the host rather than containers they create using the API and dashboard.

[ntorga]

One instance of this is during container snapshot. The IO limit of SPUs are only valid for the containers but not for the snapshot for example. Therefore, during a snapshot of a big container the server may freeze.