Suggest optional security hardening in systemd service

[JustArchi]

☑️ Resolves

This is similar to pull request nextcloud/notify_push#704 that I opened for notify_push. I didn't find any existing issue opened that this PR resolves.

In particular, this PR adds a few additional [Service] systemd entries that are wanted for people that want to ensure additional security bulletproofing on their system.

I verified that nextcloud's cron service works properly with no errors or warnings upon applying. I've been using this configuration on my own machine since a few weeks now and everything is working properly - most importantly, nextcloud reports new version as available for updating, which proves that the most crucial cron functionality works properly.

I believe this is worthy addition. If you want to make it truly optional, I can also comment out all of those entries, leaving them up to the user to enable. Considering the fact that it doesn't create any apparent issues however, I believe they should be enabled by default.

Thanks in advance for considering this PR.

🖼️ Screenshots

✅ Checklist

• I have built the documentation locally and reviewed the output
• Screenshots are included for visual changes
• I have not moved or renamed pages (or added a redirect if I did)
• I have run codespell or similar and addressed any spelling issues

[skjnldsv]

Hey! Thanks for this PR!
Could you provide some source for those parameters ? I have no knowledge on the matter, but I feel it would be better with some source or comments on why they're good addition for hardening :)