Add ReadWritePaths to Hardening schema in deployer

The Hardening type in Omni/Deploy/Manifest.hs needs a readWritePaths :: [Text] field so services can specify paths that should be writable even with ProtectSystem=strict. Example: Ava needs ReadWritePaths=/var/lib/omni to write to the task database.