trivial: Add a new configuration option systemd_unit_user

This option will control what user the fwupd-refresh.service unit
uses.

data/motd/fwupd-refresh.service.in

@@ -7,7 +7,7 @@ After=network.target
 Type=oneshot
 CacheDirectory=fwupdmgr
 StandardError=null
-DynamicUser=yes
+@user@
 RestrictAddressFamilies=AF_NETLINK AF_UNIX AF_INET AF_INET6
 SystemCallFilter=~@mount
 ProtectKernelModules=yes

data/motd/meson.build

@@ -14,6 +14,17 @@ con2.set('bindir', bindir)
 con2.set('motd_fullpath', motd_fullpath)
 
 if libsystemd.found()
+  if get_option('systemd_unit_user') == ''
+      con2.set('user', 'DynamicUser=yes')
+  else
+      dynamic_options = [
+                         'ProtectSystem=strict',
+                         'ProtectHome=read-only',
+                         'User=' + get_option('systemd_unit_user')
+                        ]
+      con2.set('user','\n'.join(dynamic_options))
+  endif
+
   configure_file(
     input : 'fwupd-refresh.service.in',
     output : 'fwupd-refresh.service',

meson_options.txt

@@ -53,6 +53,7 @@ option('plugin_powerd', type : 'feature', description : 'support for powerd', de
 option('qubes', type : 'boolean', value : false, description : 'build packages for Qubes OS')
 option('supported_build', type : 'feature', description: 'distribution package with upstream support', deprecated: {'true': 'enabled', 'false': 'disabled'})
 option('systemd', type : 'feature', description : 'systemd support', deprecated: {'true': 'enabled', 'false': 'disabled'})
+option('systemd_unit_user', type : 'string', description : 'User account to use for fwupd-refresh.service (empty for DynamicUser)')
 option('systemd_root_prefix', type: 'string', value: '', description: 'Directory to base systemd’s installation directories on')
 option('elogind', type : 'feature', description : 'elogind support', deprecated: {'true': 'enabled', 'false': 'disabled'})
 option('tests', type : 'boolean', value : true, description : 'enable tests')