Set ProtectHome in systemd service file

Further hardening; the service should be run with as many restrictions
as possible without breaking it.

contrib/init/bitcoind.service

@@ -58,6 +58,9 @@ PrivateTmp=true
 # Mount /usr, /boot/ and /etc read-only for the process.
 ProtectSystem=full
 
+# Deny access to /home, /root and /run/user
+ProtectHome=true
+
 # Disallow the process and all of its children to gain
 # new privileges through execve().
 NoNewPrivileges=true