
feat: add vault agent systemd service file

Open f4z3r opened this issue 1 year ago • 0 comments

Ideas behind the configuration of the service:

  • Keep sandboxing to a maximum; secrets should, for instance, be written to /run/vault-agent/, as most of the filesystem is write-protected.
  • Can also use the vault user. Vault itself will not run on the same host, as it should be running as the only process on the machine (see hardening), thus one can assume that the vault user is uniquely used by the agent.
  • The sample configuration in /etc/vault.d/agent.hcl was taken from the online docs, with small modifications to have the sinks on paths that can be written to (/etc/ is mounted as read-only due to ProtectSystem=full).

Relates-to: hashicorp/vault#19511

f4z3r, Mar 23 '23 17:03
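An illustration of the layout described in the issue, added here as an example and not the unit file or configuration from the issue or from the vault project: the unit confines writes to /run/vault-agent (created via RuntimeDirectory and owned by the vault user), ProtectSystem=full leaves /etc read-only, and the agent.hcl sink therefore lives under /run/vault-agent. The vault address, the approle file paths and the CAP_IPC_LOCK lines are assumptions.

```ini
# --- /etc/systemd/system/vault-agent.service (assumed path) ---
[Unit]
Description=HashiCorp Vault Agent
After=network-online.target
Wants=network-online.target

[Service]
User=vault
Group=vault
# systemd creates /run/vault-agent owned by vault:vault; it is the only writable path the agent gets.
RuntimeDirectory=vault-agent
RuntimeDirectoryMode=0700
ExecStart=/usr/bin/vault agent -config=/etc/vault.d/agent.hcl
Restart=on-failure
# Sandboxing: /usr, /boot, /efi and /etc become read-only, so /etc/vault.d cannot host the sinks.
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
NoNewPrivileges=true
# Assumption: mirrors the upstream vault.service so the agent may mlock memory; drop if not needed.
CapabilityBoundingSet=CAP_IPC_LOCK
AmbientCapabilities=CAP_IPC_LOCK
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target

# --- /etc/vault.d/agent.hcl (constructed sample; address and approle paths are assumptions) ---
vault {
  address = "https://vault.example.internal:8200"
}

auto_auth {
  method "approle" {
    config = {
      role_id_file_path   = "/etc/vault.d/role_id"
      secret_id_file_path = "/etc/vault.d/secret_id"
      # /etc is read-only under ProtectSystem=full, so the agent could not delete the file (default is true).
      remove_secret_id_file_after_reading = false
    }
  }
  # Sink under /run/vault-agent, the directory the unit creates; a path under /etc/ would fail to write.
  sink "file" {
    config = {
      path = "/run/vault-agent/token"
    }
  }
}
```

Run `systemd-analyze security vault-agent.service` after installing the unit to see which exposure the remaining directives still leave open.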