Allow /dev/tpmrm0 on older systemd versions (#2587)

Older systemd versions require a specific device allow for the tpm to be accessed.

platform/debian/systemd/kanidm-unixd.service

@@ -32,6 +32,8 @@ NoNewPrivileges=true
 PrivateTmp=true
 # We have to disable this to allow tpmrm0 access for tpm binding.
 PrivateDevices=false
+# Older versions of systemd require this to be explicitly allowed.
+DeviceAllow=/dev/tpmrm0 rw
 ProtectHostname=true
 ProtectClock=true
 ProtectKernelTunables=true

platform/opensuse/kanidm-unixd.service

@@ -32,6 +32,9 @@ NoNewPrivileges=true
 PrivateTmp=true
 # We have to disable this to allow tpmrm0 access for tpm binding.
 PrivateDevices=false
+# Older versions of systemd require this to be explicitly allowed.
+DeviceAllow=/dev/tpmrm0 rw
+
 ProtectHostname=true
 ProtectClock=true
 ProtectKernelTunables=true

unix_integration/src/unix_config.rs

@@ -78,9 +78,8 @@ impl Display for UidAttr {
 
 #[derive(Debug, Clone, Default)]
 pub enum HsmType {
-    #[cfg_attr(not(feature = "tpm"), default)]
+    #[default]
     Soft,
-    #[cfg_attr(feature = "tpm", default)]
     Tpm,
 }