r/minio: Update container unit for Podman 5

Modern versions of Podman use Netavark, which needs to write various
files on the host file system (even when the container uses the
host's network namespace).

roles/minio/tasks/deploy.yml

@@ -102,6 +102,8 @@
 
 - name: flush_handlers
   meta: flush_handlers
+  tags:
+  - always
 
 - name: ensure minio.service is running
   systemd:

roles/minio/templates/minio.container.j2

@@ -2,6 +2,7 @@
 Description=MinIO Object Storage
 Wants=network-online.target
 After=network-online.target
+RequiresMountsFor={{ minio_storage_path }}
 
 [Container]
 Image={{ minio_container_image }}:{{ minio_version }}
@@ -27,6 +28,9 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectProc=invisible
 ProtectSystem=strict
+ReadWritePaths=/etc/minio/certs
+ReadWritePaths=/etc/containers/networks
+ReadWritePaths=/run
 ReadWritePaths=/var/lib/containers/storage
 ReadWritePaths={{ minio_storage_path }}
 RestrictRealtime=yes