feat: no new priviliges for postgres

https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#NoNewPrivileges=

ensures that the service process and all its children can never gain new privileges through execve()

Author: staaldraad

ansible/files/postgresql_config/postgresql.service.j2

@@ -21,5 +21,6 @@ RestartSec=5
 OOMScoreAdjust=-1000
 EnvironmentFile=-/etc/environment.d/postgresql.env
 LimitNOFILE=16384
+NoNewPrivileges=true
 [Install]
 WantedBy=multi-user.target