This hardens the fail2ban service by giving it only the capabilities and
read/write access it needs.
This is done in accordance to the Arch Wiki article [1] where further
information about the needed capabilities and read/write paths can be
found.
[1] https://wiki.archlinux.org/title/Fail2ban#Service_hardening
