haveged module: clean up service configuration (#18513)

Switches from the forking service type to simple by running haveged in
the foreground. Also restricts the execution environment a bit (these
are inspired by the Debian service file).

nixos/modules/services/security/haveged.nix

@@ -51,10 +51,14 @@ in
 
         path = [ pkgs.haveged ];
 
-        serviceConfig = 
+        serviceConfig = {
-          { Type = "forking";
+          ExecStart = "${pkgs.haveged}/bin/haveged -F -w ${toString cfg.refill_threshold} -v 1";
-            ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
+          SuccessExitStatus = 143;
-            PIDFile = "/run/haveged.pid";
+          PrivateTmp = true;
+          PrivateDevices = true;
+          PrivateNetwork = true;
+          ProtectSystem = "full";
+          ProtectHome = true;
         };
       };