fix(left4me): drop ProcSubset=pid from server unit too

Same pattern as the web-unit fix (commit b3f...): ProcSubset=pid hides
/proc/cpuinfo and /proc/sys/*. Source's tier0/cpu.cpp asserts on
cpuinfo read failure; SteamAPI_Init then fails with "create pipe
failed" as a downstream cascade, and srcds registers as LAN (rejecting
external clients with "LAN servers are restricted to local clients").

PrivatePIDs=true (private PID namespace) remains the load-bearing
peer-process isolation: no foreign PIDs visible to srcds in its own
namespace. ProtectProc=invisible is the foreign-uid /proc hide.
ProcSubset=pid was a defense-in-depth layer hiding kernel-introspection
files (cpuinfo, meminfo, sysctls); losing it only exposes host kernel
info, which is not sensitive in this threat model and is the same
information any user on the host already sees.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
CroneKorkN 2026-05-15 16:44:22 +02:00
parent caf2332051
commit 4339289bad
Signed by: cronekorkn
SSH key fingerprint: SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw

@ -159,7 +159,15 @@ HARDENING_COMMON = {
# socket binds.
HARDENING_SERVER = {
**HARDENING_COMMON,
'ProcSubset': 'pid',
# ProcSubset=pid was here but had to come out: it hides /proc/cpuinfo
# and /proc/sys/*, which breaks Source's tier0/cpu.cpp and (downstream)
# SteamAPI_Init's "create pipe" step — server then registers as LAN
# and rejects external clients with "LAN servers are restricted to
# local clients (class C)". PrivatePIDs=true (kernel-level PID
# namespace) remains the load-bearing peer-process isolation, and
# ProtectProc=invisible is the foreign-uid /proc hide. Losing
# ProcSubset=pid only exposes host kernel info (cpuinfo, meminfo,
# sysctls), which is not sensitive in this threat model.
'NoNewPrivileges': 'true',
'RestrictSUIDSGID': 'true',
'PrivateUsers': 'true',
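Review bot: because HARDENING_SERVER still spreads `**HARDENING_COMMON` (the first context line of this hunk), deleting `'ProcSubset': 'pid'` here only changes the rendered unit if HARDENING_COMMON does not set ProcSubset itself; either confirm that, or set `'ProcSubset': 'all'` explicitly after the spread so the intent survives later edits to the common block. The nine-line comment also restates the commit message almost verbatim; a two-line note (what was removed, why, and that PrivatePIDs=true and ProtectProc=invisible remain the isolation controls) would keep the dict readable while the commit message carries the full rationale.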