MDEV-10004 introduced _WSREP_START_POSITION
as a mechanism to store the mysqld arguments required to recover after crashes. This 'systemctl set-environment' call is the only operation that requires PermissionsStartOnly=true in the service file.
If we could replace this with another mechanism we can run as the ordinary User= and make the scripts less vulnerable to CVEs.
This would also enable multi-instance setups in which each instance runs as a different user, without the complication of re-acquiring the systemd user for the service.
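As an added illustration of the two patterns (this is not the project's own unit file; the unit name, paths, the $MYSQLD_OPTS variable and the exact galera_recovery invocation are assumptions), here is the current root-dependent hand-over next to one alternative that keeps every step under User=. The two [Service] variants are shown one after the other for comparison, not as a single valid unit:

```ini
# --- current pattern (assumed reconstruction): a root ExecStartPre publishes the
#     recovered position into the systemd manager's global environment block ---
[Service]
User=mysql
Group=mysql
# Needed only because 'systemctl set-environment' talks to the manager as root.
PermissionsStartOnly=true
ExecStartPre=/bin/sh -c 'systemctl unset-environment _WSREP_START_POSITION'
ExecStartPre=/bin/sh -c 'VAR=$(/usr/bin/galera_recovery) && \
    systemctl set-environment _WSREP_START_POSITION="$VAR"'
ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_START_POSITION

# --- alternative (assumption): hand the position over through a file that only
#     the service user can write, so no step in the unit needs root ---
[Service]
User=mysql
Group=mysql
# systemd creates /run/mariadb owned by User= before ExecStartPre runs.
RuntimeDirectory=mariadb
RuntimeDirectoryMode=0750
# Runs as User= (no PermissionsStartOnly). galera_recovery prints the
# "--wsrep_start_position=..." argument, which is stored as a KEY=value line.
ExecStartPre=/bin/sh -c 'VAR=$(/usr/bin/galera_recovery) && \
    printf "_WSREP_START_POSITION=%s\n" "$VAR" > /run/mariadb/wsrep-position.env'
# Leading '-' means a missing file is not an error (e.g. a non-Galera start).
# systemd reads EnvironmentFile= just before each Exec* process is spawned, so a
# file written by ExecStartPre is visible to ExecStart.
EnvironmentFile=-/run/mariadb/wsrep-position.env
ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_START_POSITION
```

The reason the first variant needs privilege is that 'systemctl set-environment' modifies the manager's process-wide environment block, which is inherited by every unit started afterwards; the value is therefore both root-only to set and broader in scope than this one service needs. A file under RuntimeDirectory= is scoped to the unit and to its User=, and in a template unit (mariadb@.service) RuntimeDirectory=mariadb-%i gives each instance its own directory and user without any root step.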