
Is it possible to harden systemd below 7.0 if my package needs permissions to install other packages?

1 vote
0 answers
37 views
I am not sure if my question has a proper answer, but I still wanted to try. I want to harden my app systemd; the problem is that my package needs permissions to install other packages (that is one of the most problematic things, I guess). I was able to drop my rating to around 7.0 with, among others: NoNewPrivileges, various ProtectKernel, ProtectHome, ProtectProc, ProtectClock and some others. The thing is, I am not able to use "the most powerful" entries like PrivateTmp, ProtectSystem, PrivateDevices, MemoryDenyWriteExecute, ProtectHostname, LockPersonality. I am wondering if my hands are tied without the entries above and I should simply harden my package with other methods, or if I can still do something more with systemd? Thanks!
Asked by Peksio (121 rep)
Oct 4, 2022, 12:21 PM