units: make sure importd has CAP_LINUX_IMMUTABLE flag

Since d8f9686c0f1f276c0a687d9bd69f3adf33f15a95 we use the chattr +i flag
for marking containers in directories as reead-only. But to do so we
need the cap for it, hence grant it.

Fixes: #19115

units/systemd-importd.service.in

@@ -16,7 +16,7 @@ Documentation=man:org.freedesktop.import1(5)
 ExecStart={{ROOTLIBEXECDIR}}/systemd-importd
 BusName=org.freedesktop.import1
 KillMode=mixed
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE
 NoNewPrivileges=yes
 MemoryDenyWriteExecute=yes
 ProtectHostname=yes