DCD-418: Limit permissions on the systemd unit and move DB params to the environment.

roles/product_startup/molecule/default/tests/test_default.py

@@ -9,3 +9,6 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 def test_service_file(host):
     f = host.file('/etc/systemd/system/jira-software.service')
     assert f.contains("^ExecStart=/opt/atlassian/jira-software/current/bin/start-jira.sh -fg$")
+    assert f.user == 'root'
+    assert f.user == 'root'
+    assert f.mode == 0o0640

roles/product_startup/tasks/main.yml

@@ -4,6 +4,9 @@
   template:
     src: "product.service.j2"
     dest: "/etc/systemd/system/{{ atl_systemd_service_name }}"
+    owner: root
+    group: root
+    mode: 0640
   notify:
     - Enable Product
     - Restart Product