add CAP_NET_BIND_SERVICE to coder.service (#2699)

* add CAP_NET_BIND_SERVICE to systemd unit

Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>

coder.service

@@ -16,7 +16,7 @@ ProtectSystem=full
 PrivateTmp=yes
 PrivateDevices=yes
 SecureBits=keep-caps
-AmbientCapabilities=CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
 CacheDirectory=coder
 CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
 KillSignal=SIGINT