unbound.service: Use RuntimeDirectory=@UNBOUND_RUN_DIR@

That’s semantically more correct than putting it in `ReadWritePaths`.

It normally maps to `/run` and is cleared when the service is stopped.

contrib/unbound.service.in

@@ -63,7 +63,7 @@ ProtectHome=true
 ProtectControlGroups=true
 ProtectKernelModules=true
 ProtectSystem=strict
-RuntimeDirectory=unbound
+RuntimeDirectory=@UNBOUND_RUN_DIR@
 ConfigurationDirectory=unbound
 StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
@@ -73,7 +73,7 @@ SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete
 RestrictNamespaces=yes
 LockPersonality=yes
 RestrictSUIDSGID=yes
-ReadWritePaths=@UNBOUND_RUN_DIR@ @UNBOUND_CHROOT_DIR@ @UNBOUND_ROOTKEY_FILE@
+ReadWritePaths=@UNBOUND_CHROOT_DIR@ @UNBOUND_ROOTKEY_FILE@
 
 # Below rules are needed when chroot is enabled (usually it's enabled by default).
 # If chroot is disabled like chroot: "" then they may be safely removed.