control: added some actual ldv@'s settings

As noted in the comment, these include a few quite strong ones:
- sshd(8) will only allow in "wheel" and "users" members
  by keys, no password access is allowed;
- password change even by root is subject to quality checks;
- su(8) is only useful to lower privileges and not gain those
  (so root access is available either through local console
  or via use of ssh keys).

Don't use if frowned upon.

features.in/control/config.mk

@@ -6,3 +6,18 @@ use/control:
 # some presets
 use/control/sudo-su: use/control
 	@$(call add,CONTROL,su:public sudo:public)
+
+# recommended by ldv@ ;-)
+# note that:
+# - sshd-allow-groups results in "AllowGroups wheel users"
+# - unprivileged su is used to drop privileges, not gain those
+use/control/server/ldv: use/control
+	@$(call add,CONTROL,mount:unprivileged)
+	@$(call add,CONTROL,passwdqc-enforce:everyone)
+	@$(call add,CONTROL,ping:netadmin)
+	@$(call add,CONTROL,ping6:restricted)
+	@$(call add,CONTROL,postqueue:mailadm)
+	@$(call add,CONTROL,sftp:disabled)
+	@$(call add,CONTROL,sshd-allow-groups:enabled)
+	@$(call add,CONTROL,sshd-password-auth:disabled)
+	@$(call add,CONTROL,su:restricted)