static/writable-paths: set safer options for tmpfs mounts

[alfonsosanchezbeato]

Set safer options for mount points backed by tmpfs, so we make sure that nosuid,nodev are set. The options are the default ones recommended by systemd (see /usr/share/systemd/tmp.mount) and we were actually using them already for /tmp in the initramfs.

[alfonsosanchezbeato]

I've removed the change for /var/lib/sudo as anyway that folder can be used only by root.