Ticket 50889 - Extract pem files into a private namespace
Bug Description:
since 1.3.5, certificates and keys are, by default, extracted under
nsslapd-certdir directory. They are exracted in pem files.
Some pem files (i.e. Serv-Cert-Key.pem) contain sensitive.
The ticket is to extract them into a private namespace specific
to the DS process.
Fix Description:
If the process is started with systemd, it uses the PrivateTmp=on
directive to create a private namespace.
Then if such private namespace exists DS extracts the certificates/keys
under it. Else it extracts the PEM files under usual nsslapd-certdir directory
https://pagure.io/389-ds-base/issue/50889
Reviewed by: William Brown
Platforms tested: F30
Doc impact: yes