Harden systemd unit

The current version of the systemd unit for zerotier-one linux agent is “unsafe” at least based on the systemd default analyser do think so:

systemd-analyze security zerotier-one.service

Overall exposure level for zerotier-one.service: 9.6 UNSAFE

Kind of good example is usbguard https://github.com/USBGuard/usbguard/blob/5505735ad83fbbed79504aaa4297baf4ce791642/usbguard.service.in