Add low memory protection

[kakra]

If the system is under memory stress, memory allocation latency spikes which disrupts proper operation of portmaster, resulting in DNS timeouts. While the memory pressure persists, portmaster never recovers.

Fix it by adding a low memory protection to the systemd service. From experiments, 2 GB is enough to stop the system from swapping important memory of portmaster and reduce cache thrashing. A lower value like 1 GB might work, too. The resident size of portmaster peaks at around 530 MB for me but this value as low protection is not enough, we need to protect some IO cache memory, too.

After applying to the running service, DNS operation almost instantly recovers.

[dhaavi]

Hey @kakra, thanks for the improvement!

FYI: I will merge the PR now, but we currently have no new release for the installers scheduled, as we are currently transitioning to a new build system, which builds everything at once over in the main portmaster repo.

[kakra]

Thanks @dhaavi. This file is referenced by the docs, so I thought it would be still worth it. Maybe the wiki should be improved where it doesn't directly link to this file.