Harden systemd unit file

contrib/lgregmapper.service

@@ -14,6 +14,16 @@ User=lglass
 Group=lglass
 Type=simple
 Restart=on-failure
+# service hardening
+ProtectSystem=strict
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+PrivateTmp=yes
+PrivateDevices=yes
+DevicePolicy=closed
+MemoryDenyWriteExecute=yes
+ProtectHome=true
+#
 ExecStart=/opt/lgregmapper/lgregmapper -b ":11211"
      
 #########################################################################