Comment 13 for bug 1989008

Seeing as there seems to be agreement and no dissent on the matter, I'm switching this to a public security hardening opportunity now. If there are other services which haven't completed the rootwrap to privsep migration yet (including rewriting their translated privsep rules to be more restrictive), we can add them as affected and use this to track it across projects.