Use systemd sandboxing and resource limiting features for tracker processes
We ship systemd units for the Tracker daemons. Systemd has some sandboxing features that we could take advantage of.
We already have a seccomp sandbox for tracker-extract. This works but is a bit fragile. In fact, systemd now provides its own equivalent, the SystemCallFilter= directive.
Flags which look interesting include: ProtectHome=yes, PrivateTmp=yes, PrivateDevices=yes, PrivateNetwork=yes, PrivateUsers=yes
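As an added illustration (not part of this issue or the Tracker project's shipped units), a drop-in that applies those flags plus the SystemCallFilter= replacement for the seccomp sandbox; it assumes the unit is called tracker-extract.service, which may not match the name shipped by a given distro:

```ini
# Hypothetical drop-in for the user unit, e.g.
# ~/.config/systemd/user/tracker-extract.service.d/sandbox.conf
# Run `systemctl --user daemon-reload` afterwards and inspect the result
# with `systemd-analyze security --user tracker-extract.service`.
[Service]
# The extractor has to read the files it indexes, so a read-only view of
# home is the strictest ProtectHome= setting it can tolerate; "yes" would
# hide the very files it needs.
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
# Metadata extraction is purely local work; it needs no network at all.
PrivateNetwork=yes
# systemd's equivalent of the hand-rolled seccomp filter: allow the usual
# service syscalls, then deny the privileged groups on top. Calls that are
# filtered fail with EPERM instead of killing the process, which keeps
# the failure mode visible in the journal rather than silent.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
NoNewPrivileges=yes
# Resource limiting: a runaway extractor on a malformed file is bounded.
# 1G is an illustrative value, not a Tracker recommendation.
MemoryMax=1G
```

Which of these directives actually take effect in a user-manager unit depends on the systemd version, which is why the `systemd-analyze security` check after reload matters.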
I imagine that use of these flags would imply an increase in the minimum required version of systemd for our systemd units.
I'm not sure which distros are currently making use of the .service files that we ship, and which are using their own. Using bootable VM images of GNOME would be a good candidate for testing this.