* pid1: also remove PID files of a service when the service starts, not just
when it exits
+* seccomp: when SystemCallArchitectures=native is set then don't install any
+ other seccomp filters for any of the other archs, in order to reduce the
+ number of seccomp filters we install needlessly.
+
+* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can.
+ Apparently kernel performance is much better with fewer larger seccomp
+ filters than with more smaller seccomp filters.
+
* systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum,
mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such
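Review bot: In the second added entry, "Apparently kernel performance is much better with fewer larger seccomp filters" is given without a source or measurement, and it is the only motivation stated for the seccomp_merge() item. Consider adding a reference or rewording it as something to measure before the work is done. In the first added entry, "any other seccomp filters for any of the other archs" is ambiguous. It would read more clearly if it stated the condition the optimization relies on: that with SystemCallArchitectures=native set, filters for non-native architectures are redundant and only the native-arch filters need to be installed.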