Add resilient Jenkins inbound agent setup

deploy/systemd/jenkins-agent@.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=Jenkins inbound agent %i
+Wants=network-online.target
+After=network-online.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+User=root
+Group=root
+EnvironmentFile=/etc/jenkins-agent/%i.env
+WorkingDirectory=/var/lib/jenkins/agent/%i
+ExecStart=/usr/local/bin/jenkins-inbound-agent-start %i
+Restart=always
+RestartSec=10
+KillSignal=SIGINT
+TimeoutStopSec=30
+
+# 当前生产流水线仍包含服务器初始化、systemd 与 Nginx 写入等特权操作。
+# 后续若将 agent 降权到 jenkins 用户，需要先把流水线命令收敛到精确 sudo 白名单。
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target