Philip Withnall authored
Enable it for the daemon and both mock backends. This instructs systemd
to clone the processes into their own private network namespaces, which
denies them access to the main network namespace (and hence denies all
network access).

See:
 • https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateNetwork=
 • https://lwn.net/Articles/531381/
 • https://fedoraproject.org/wiki/Changes/PrivateDevicesAndPrivateNetwork

This also adds an integration test to check it’s worked, which is
designed to be expanded to cover other namespaces in future.

Signed-off-by: Philip Withnall <philip.withnall@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D3196
35987a68
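
A check of the isolation this commit describes, as an added example that is not the project's integration test or code from the commit: it compares a process's network namespace with that of a reference process and confirms that only the loopback device is visible. The function names and the `proc_root` parameter are assumptions made for this example; reading `/proc/1/ns/net` normally requires root.

```python
import os
import re
import sys

# /proc/<pid>/ns/net is a symlink whose target looks like "net:[4026531840]".
NS_LINK = re.compile(r"^net:\[(\d+)\]$")


def netns_inode(pid, proc_root="/proc"):
    """Return the inode number identifying the network namespace of `pid`."""
    target = os.readlink(os.path.join(proc_root, str(pid), "ns", "net"))
    match = NS_LINK.match(target)
    if not match:
        raise ValueError(f"unexpected ns link for pid {pid}: {target!r}")
    return int(match.group(1))


def interfaces(pid, proc_root="/proc"):
    """List the interface names `pid` can see, from its net/dev table."""
    path = os.path.join(proc_root, str(pid), "net", "dev")
    with open(path, encoding="ascii") as handle:
        rows = handle.read().splitlines()[2:]  # skip the two header rows
    return sorted(row.split(":", 1)[0].strip() for row in rows if ":" in row)


def check_private_network(pid, reference_pid=1, proc_root="/proc"):
    """Return a list of findings; an empty list means `pid` is isolated."""
    findings = []
    # Same inode as the reference process means no private namespace at all.
    if netns_inode(pid, proc_root) == netns_inode(reference_pid, proc_root):
        findings.append("shares the network namespace of the reference process")
    # A namespace set up by PrivateNetwork= contains only the loopback device.
    extra = [name for name in interfaces(pid, proc_root) if name != "lo"]
    if extra:
        findings.append("non-loopback interfaces visible: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    # Usage: python3 check_netns.py <pid-of-service>
    problems = check_private_network(int(sys.argv[1]))
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```
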