Set security options for the example signal-cli-socket systemd unit (#852)

* Restrict socket access to root and users in the signal-cli group

* Sandbox signal-cli-socket service using systemd features

* Add RemoveIPC too.

* Restore original placeholder for ExecStart path.

data/signal-cli-socket.socket

@@ -3,6 +3,11 @@ Description=Send secure messages to Signal clients
 
 [Socket]
 ListenStream=%t/signal-cli/socket
+SocketUser=root
+# Add yourself to the signal-cli group to talk with the service
+# Run 'usermod -aG signal-cli yourusername'
+SocketGroup=signal-cli
+SocketMode=0660
 
 [Install]
 WantedBy=sockets.target