README: add note about ordering pam_fscrypt before pam_systemd

[ramcq]

As discussed in #278 (comment)

[ebiggers]

Ah, I didn't see you were working on this. I just opened a pull request too (#281), which also does some other things such as improve the default behavior of pam_fscrypt.so so that the lock_policies and drop_caches options aren't needed.

I went with a briefer note about ordering, in-line with the sentence about where to add the line (so that it's harder to miss):

Add the line ... after pam_unix.so in /etc/pam.d/common-session or similar, but before pam_systemd.so or any other module that requires the user's home directory to be available.

Do you think that's sufficient, or could it use more explanation?

[ramcq]

Seems alright, I might've gone a little more explicit on accesses the home directory or starts processes, as it's a little hidden / non-obvious that pam_systemd starts a session behind your back these days. :)

[ebiggers]

Updated to:

Add the line ... after pam_unix.so in /etc/pam.d/common-session or similar, but before pam_systemd.so or any other module that accesses the user's home directory or starts processes which access the user's home directory during their session.

[ebiggers]

#281 was merged, which took care of this.