
Re-enable hidepid

When porting to Jessie we tried to enable the hidepid=2 hardening feature, but we reverted it as it broke stuff (e.g. #8256 (closed)). It seems one can make hidepid=2 work:

  • pass the gid=<gid> mount option for /proc
  • give systemd-logind.service the SupplementaryGroups=<gid> option
  • possibly some more services need to have SupplementaryGroups=<gid>, e.g. polkitd; testing will tell
  • add the polkitd user to the <gid> group

See https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid for details and possibly more up-to-date info.
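The steps above, rendered as the concrete configuration pieces and a check that a running system actually got them, as an added example that is not part of this issue or of the Tails project. The group name `proc` and the GID `101` are constructed placeholders, the sample mount lines are constructed in the format `/proc/self/mounts` uses, and the drop-in path for systemd-logind is the usual override location, not something the issue specifies:

```shell
#!/bin/sh
# Added example (not from the Tails issue): render the fstab entry and the
# systemd-logind drop-in the steps describe, and check a /proc mount line for
# hidepid=2 plus the gid= exemption group.

# /etc/fstab line: the gid= option takes a numeric GID; members of that group
# keep full /proc visibility, everyone else sees only their own processes.
render_fstab_line() {
    printf 'proc /proc proc defaults,hidepid=2,gid=%s 0 0\n' "$1"
}

# /etc/systemd/system/systemd-logind.service.d/hidepid.conf (assumed path):
# SupplementaryGroups= takes a group name and puts logind into the exemption
# group, which is what the issue suggests for polkitd too if testing shows it.
render_logind_dropin() {
    printf '[Service]\nSupplementaryGroups=%s\n' "$1"
}

# Given one line in /proc/self/mounts format, print the hidepid mode of the
# /proc mount: "0" when the option is absent, "-" when the line is not /proc.
mount_hidepid_mode() {
    set -- $1
    [ "$2" = "/proc" ] || { printf '%s\n' "-"; return 0; }
    mode=0
    old_ifs=$IFS; IFS=,
    for o in $4; do
        case $o in
            hidepid=*) mode=${o#hidepid=} ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$mode"
}

# Same parsing for the gid= option ("" when no exemption group is set).
mount_gid() {
    set -- $1
    [ "$2" = "/proc" ] || { printf '%s\n' "-"; return 0; }
    gid=
    old_ifs=$IFS; IFS=,
    for o in $4; do
        case $o in
            gid=*) gid=${o#gid=} ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$gid"
}

# Boot-time style check: succeed only if /proc is mounted with hidepid=2.
# Newer kernels may report the symbolic name "invisible" for the same mode.
check_proc_hardened() {
    mode=$(mount_hidepid_mode "$1")
    [ "$mode" = "2" ] || [ "$mode" = "invisible" ]
}

# Constructed sample lines, not captured from a real system.
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=101,hidepid=2 0 0'
SAMPLE_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

render_fstab_line 101
render_logind_dropin proc
printf 'hardened sample: hidepid=%s gid=%s\n' \
    "$(mount_hidepid_mode "$SAMPLE_HARDENED")" "$(mount_gid "$SAMPLE_HARDENED")"
if check_proc_hardened "$SAMPLE_DEFAULT"; then
    echo "default sample unexpectedly hardened"
else
    echo "default sample: hidepid not enabled"
fi
```

On a live system the check would read the /proc line out of `/proc/self/mounts` instead of the constructed sample; the point of separating the renderers from the checker is that the fstab and drop-in can be generated from one GID/group pair, so the mount exemption and the logind supplementary group cannot drift apart.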

Original created by @intrigeri on 16074 (Redmine)
