examples: improve systemd unit files

Add the PrivateTmp, ProtectHome, and ProtectSystem directives to better
secure the system from chronyd. It's taken from the Debian chrony
package.

examples/chrony-wait.service

@@ -1,5 +1,6 @@
 [Unit]
 Description=Wait for chrony to synchronize system clock
+Documentation=man:chronyc(1)
 After=chronyd.service
 Requires=chronyd.service
 Before=time-sync.target

examples/chronyd.service

@@ -10,6 +10,9 @@ Type=forking
 PIDFile=/var/run/chronyd.pid
 EnvironmentFile=-/etc/sysconfig/chronyd
 ExecStart=/usr/sbin/chronyd $OPTIONS
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target