privileged: Add systemd units for socket activating the daemon

Tests:

- Daemon starts up with uid/gid set to root.

- Daemon does not run by default if a request is not received. Socket file is
  created with 666 permissions and root:root ownership. Socket file parent directory
  is created with 755 permissions and root:root ownership.

- Daemon starts if a request is sent to the socket using nc.

- If there an exception in daemon starting, then restart is done every second to
  5 seconds, forever.

- Build a Debian package.

  - Install it on fresh trixie Debian VM. Ensure that setup works and privileged
    daemon is auto-enabled.

  - Start a fresh trixie Debian VM and install freedombox from Debian repos.
    Upgrade to the built package. Privileged daemon works and is auto-enabled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>

data/usr/lib/systemd/system/freedombox-privileged.service

@@ -0,0 +1,21 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+[Unit]
+Description=FreedomBox Privileged Service
+Documentation=https://wiki.debian.org/FreedomBox/
+# Don't hit the start rate limiting.
+StartLimitIntervalSec=0
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/freedombox-privileged
+TimeoutSec=300s
+User=root
+Group=root
+NotifyAccess=main
+PrivateTmp=yes
+Restart=on-failure
+# Don't restart too fast
+RestartSec=1
+RestartSteps=3
+RestartMaxDelaySec=5

data/usr/lib/systemd/system/freedombox-privileged.socket

@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+[Unit]
+Description=FreedomBox Privileged Service Socket
+Documentation=https://wiki.debian.org/FreedomBox/
+
+[Socket]
+Accept=no
+ListenStream=/run/freedombox/privileged.socket
+SocketUser=root
+SocketGroup=root
+SocketMode=0666
+DirectoryMode=755
+
+[Install]
+WantedBy=sockets.target

debian/rules

@@ -34,4 +34,5 @@ override_dh_installsystemd:
 	# (as of debhelper 13.5.2) that still has hardcoded search path of
 	# /lib/systemd/system for searching systemd services. See #987989 and
 	# reversion of its changes.
-	dh_installsystemd --tmpdir=debian/tmp/usr --package=freedombox plinth.service
+	dh_installsystemd --tmpdir=debian/tmp/usr --package=freedombox \
+		plinth.service freedombox-privileged.socket