feat: limit /etc to readonly

https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ReadWritePaths=

Prevent postgres, or child-process of, from writing to /etc

Author: staaldraad

ansible/files/postgresql_config/postgresql.service.j2

@@ -21,5 +21,8 @@ RestartSec=5
 OOMScoreAdjust=-1000
 EnvironmentFile=-/etc/environment.d/postgresql.env
 LimitNOFILE=16384
+{% if supabase_internal is defined %}
+ReadOnlyPaths=/etc
+{% endif %}
 [Install]
 WantedBy=multi-user.target