Upgrade (1.28.0 -> 1.28.1) and drop NET_BIND_SERVICE workaround

Related to:

- mother-of-all-self-hosting/mash-playbook#25
- dani-garcia/vaultwarden#3387
- dani-garcia/vaultwarden#3403

defaults/main.yml

@@ -4,7 +4,7 @@ vaultwarden_enabled: true
 
 vaultwarden_identifier: vaultwarden
 
-vaultwarden_version: 1.28.0
+vaultwarden_version: 1.28.1
 
 # The fully-qualified name of your Vaultwarden server (e.g. `vaultwarden.example.com`)
 vaultwarden_hostname: ''

templates/vaultwarden.service.j2

@@ -18,18 +18,13 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s
 	- the recheck interval is too long (60s) and the service is considered `starting`
 	- when a service is not `healthy`, Traefik does not reverse-proxy to it -- leading to 1 minute downtime every single time this restarts
 #}
-{#
-	NET_BIND_SERVICE became necessary after the (v1.27.0 -> v1.28.0) upgrade.
-	See: https://github.com/dani-garcia/vaultwarden/issues/3386
-#}
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 			--rm \
 			--name={{ vaultwarden_identifier }} \
 			--log-driver=none \
 			--network={{ vaultwarden_container_network }} \
 			--user={{ vaultwarden_uid }}:{{ vaultwarden_gid }} \
 			--cap-drop=ALL \
-			--cap-add=NET_BIND_SERVICE \
 			--read-only \
 			--hostname={{ vaultwarden_hostname }} \
 			{% if vaultwarden_container_http_bind_port %}