nixos/redis: loosen systemd address family restrictions

Do not assume that port and unixSocket are the only options that affect
address families used by Redis. There are other options, e.g. tls-port,
and also clustered setup that are not covered by the declarative
configuration. Instead of trying to selectively restrict unused address
families based on the configuration, limit address families to IP and
Unix sockets and let users lib.mkForce if stricter sandboxing is needed.

See also
https://docs.redis.com/latest/rs/networking/port-configurations/
Ivan Trubach 2023-11-20 06:58:36 +03:00
parent d4d822f526
commit 5c898bec57


@ -393,9 +393,7 @@ in {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies =
optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
optional (conf.unixSocket != null) "AF_UNIX";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
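
Review bot: The hard-coded `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` has no comment explaining why it is no longer derived from `conf.port` and `conf.unixSocket`, so a later contributor may reintroduce the conditional. Add a short comment above it saying that options outside the declarative configuration (tls-port, cluster setups) can need IP sockets, and that a narrower set should be applied with lib.mkForce. Also note that instances with `conf.port == 0` and only a Unix socket previously ran without AF_INET/AF_INET6 and now have both allowed; that sandbox loosening for existing socket-only deployments deserves a release-note entry so operators who relied on it can force the stricter list.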