r/frigate: Work around podman/netavark lock

Podman 4 puts lock files in the configuration directory for [some stupid
reason][0].  There are so many issues here!

* It is now impossible to run `podman` as root with a read-only `/etc`.
* Why does it need the lock file at all when using `--network=host`?

Luckily, we can work around it fairly easily by mounting a tmpfs
filesystem over the directory it wants to put the lock file in.  This
pretty much defeats the purpose of having a lock file, but it's likely
not needed anyway.

[0]: 836fa4c493
btop
Dustin 2022-07-23 17:43:54 -05:00
parent c1c28a51b5
commit eb79f6ea83
1 changed files with 4 additions and 0 deletions

@ -25,6 +25,10 @@ ExecStart=/usr/bin/podman run \
{% endif %}
docker.io/blakeblackshear/frigate:{{ frigate_image_tag }}
ProtectSystem=full
{% if ansible_distribution == 'Fedora' and ansible_distribution_version|int >= 36 %}
TemporaryFileSystem=/etc/containers/networks
ReadWritePaths=/etc/containers/networks
{% endif %}
UMask=0077
[Install]
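Review bot: The added `{% if %}` condition keys on Fedora >= 36 rather than on the Podman version, so a host on any other distribution that ships Podman 4 would still fail to create the lock under `ProtectSystem=full`; consider gating on the installed podman version instead. The two new directives also carry no comment in the template, and a tmpfs over `/etc/containers/networks` hides whatever is stored in that directory on the host and makes the lock private to this unit, so a one-line note that this is only acceptable for a host-networked container would help the next reader. It is also worth confirming whether `ReadWritePaths=/etc/containers/networks` is needed at all once `TemporaryFileSystem=` is mounted on the same path.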