security: restrict abis in bitcoind.service

It's recommended to restrict the possible application binary interfaces that can be used when setting `MemoryDenyWriteExecute=true` to ensure it cannot be circumvented.

Author: CharlieC3

contrib/init/bitcoind.service

@@ -81,5 +81,8 @@ PrivateDevices=true
 # Deny the creation of writable and executable memory mappings.
 MemoryDenyWriteExecute=true
 
+# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced
+SystemCallArchitectures=native
+
 [Install]
 WantedBy=multi-user.target