MDEV-36721: remove PrivateDevices=false from systemd services
- [x] The Jira issue number for this PR is: MDEV-36721
Description
The association between PrivateDevices=false and NoNewPrivileges was an old mistake in the kernel that has now been corrected.
This was in 2019 via Debian bug #911152.
Release Notes
This removes PrivateDevices=false from systemd service files. This means the default is now PrivateDevices=true, providing more security. The old kernels where this was an issue should not be in use. Those users using InnoDB on raw partitions via innodb_data_file_path=/dev/XXX can then reapply PrivateDevices=false locally, as documented at https://mariadb.com/kb/en/systemd/#useful-systemd-options.
How can this PR be tested?
Per-package autobake-install tests on https://buildbot.mariadb.org/#/grid?branch=bb-10.11-systemd-remove-privatedevices-pkgtest, which perform a systemctl start on the native kernel for the distro.
If the changes are not amenable to automated testing, please explain why not and carefully describe how to test manually.
Basing the PR against the correct MariaDB version
- [ ] This is a new feature or a refactoring, and the PR is based against the main branch.
- [X] This is a bug fix, and the PR is based against the earliest maintained branch in which the bug can be reproduced.
PR quality check
- [X] I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
- [X] For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.
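
For the raw-partition case mentioned in the release notes, a pre-upgrade check can decide whether a host needs the local PrivateDevices=false override. This is an added example, not part of the PR or of MariaDB's tooling; the function names, the constructed sample option file, and the assumption that option values are unquoted are this example's own.

```shell
#!/bin/sh
# Added example: detect InnoDB raw devices in my.cnf-style option files and
# emit a systemd drop-in only when one is configured.

# Print each /dev/... data file named by innodb_data_file_path, one per line.
# Accepts "-" or "_" in the option name, whitespace around "=", and
# ";"-separated file specs. Commented-out lines never match.
raw_innodb_devices() {
    sed -n -E 's/^[[:space:]]*innodb[-_]data[-_]file[-_]path[[:space:]]*=[[:space:]]*//p' "$@" |
        tr ';' '\n' |
        sed -n -E 's/^[[:space:]]*(\/dev\/[^:[:space:]]+):.*/\1/p'
}

# Print the drop-in that restores device access, or nothing when no raw
# device is in use (the new default PrivateDevices=true then stays in force).
private_devices_dropin() {
    devices=$(raw_innodb_devices "$@")
    [ -n "$devices" ] || return 0
    # Unquoted on purpose: joins the device list onto one line.
    printf '# InnoDB raw partitions in use: %s\n' "$(echo $devices)"
    printf '[Service]\nPrivateDevices=false\n'
}

# Constructed sample option file (not from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[mariadb]
# innodb_data_file_path=/dev/ignored:1Graw
innodb-data-file-path = ibdata1:12M;/dev/XXX:10Graw
EOF
private_devices_dropin "$sample"
rm -f "$sample"

# Typical use (paths depend on the distro):
#   private_devices_dropin /etc/mysql/my.cnf \
#     > /etc/systemd/system/mariadb.service.d/raw-devices.conf
#   systemctl daemon-reload
```

Hosts for which the function prints nothing keep the hardened default and need no local change.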