* templates/systemd/mastodon: add new sandboxing options * templates/systemd/mastodon: add '@privileged' and remove duplicates SystemCallFilters * templates/systemd/mastodon: add '@ipc' SystemCallFilter * templates/systemd/mastodon: add '@memlock' SystemCallFilter * templates/systemd/mastodon: allow '@resources' filter to mastodon-web service