
compartmentalize by running systemd unit as authelia user and group #3736

Open
4 tasks
feinedsquirrel opened this issue Jul 23, 2022 · 0 comments
Labels
type/feature Request for adding a new feature

Comments

@feinedsquirrel

Feature Request

Description

I brought up in the matrix chat a long time ago that I could help transition the systemd unit to use the user= and group= keys. (I'm finally able to work on it.)
As I understand, best practice with systemd units is that we set those to "authelia", as by default the service would otherwise run as user and group "root". It isn't necessarily a vulnerability, but more of another layer in sandboxing (though don't quote me, I'm not an expert).

Use Case

For anyone running Authelia as a systemd service, the process(?) would run as user and group "authelia" instead of "root", increasing sandboxing.

Steps to Complete

I've got a working example on my machine, though it may not be perfect (as I said before, I'm not an expert).
What I see needing to be completed:

  • add user=authelia and group=authelia to the systemd config (example can be seen in issue Run Authelia with systemd #568)
  • add two files: authelia.tmpfiles.conf and authelia.sysusers.conf, placing them at /usr/lib/sysusers.d/authelia.conf and /usr/lib/tmpfiles.d/authelia.conf, respectively (at least for Arch Linux; I've got a functioning sample PKGBUILD)
  • add to the redis documentation that if using this systemd unit, the authelia user needs to be added to the redis group (I suspect this may have been one of the problems the original poster in Run Authelia with systemd #568 was having, if they were using redis)
  • any other changes to be compatible with the Debian, Docker, and any other builds (I'm unfamiliar with these)

If this looks correct, I can create a WIP pull request from my fork, and testing and other alterations as needed can begin.
Let me know. Thanks!
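The three fragments the issue describes, written out together as an added example (not the issue author's files and not Authelia's packaged unit); the file paths, the ExecStart line and the configuration path are assumptions, and the SupplementaryGroups= line only applies where a "redis" group exists on the host.

```ini
# /usr/lib/sysusers.d/authelia.conf   (assumed path, following the issue)
# systemd-sysusers creates the "authelia" system user and group at boot,
# with a dynamically allocated UID/GID ("-") and no login shell.
u authelia - "Authelia" /var/lib/authelia

# /usr/lib/tmpfiles.d/authelia.conf   (assumed path, following the issue)
# systemd-tmpfiles creates the state directory owned by the service user,
# mode 0750 so other local users cannot read session or database files.
d /var/lib/authelia 0750 authelia authelia -

# /usr/lib/systemd/system/authelia.service   (assumed path; ExecStart and
# the configuration path are assumptions, not the project's packaged values)
[Unit]
Description=Authelia authentication and authorization server
After=network.target

[Service]
# Without User= and Group=, a system service runs as root.
# These two lines are the change the issue proposes.
User=authelia
Group=authelia
# Grants the service the "redis" group without editing /etc/group, which is
# what the issue's Redis note asks for (access to a group-owned Redis socket).
# Remove this line on hosts that have no "redis" group, or the unit fails to start.
SupplementaryGroups=redis
ExecStart=/usr/bin/authelia --config /etc/authelia/configuration.yml
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After `systemd-sysusers` and `systemd-tmpfiles --create` have run, `systemctl show -p User,Group authelia.service` should report authelia for both, and `ps -o user,group -C authelia` confirms the running process is no longer root.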
