Welcome back! 
See also:
Apply systemd sandboxing by default to some services
I don’t think it is useful to look at that as a whole and without context.
- Context: compare with other distributions
- as a whole: It lists services which aren’t even active. For some services it doesn’t make sense to add systemd hardening. That would only lead to higher system instability / more bugs. For some services it would be up to upstream to add systemd hardening. Each service needs to be looked at individually for attack surface and possible containment.
I wonder what systemd would say “add systemd hardening to systemd-fsckd.service / rescue.service”. Might not make sense.
Maybe it would make sense to contain for example qubes-updates-proxy.service but that’s upstream. I cannot add systemd hardening to every upstream which Whonix relies on. Probably enough work to keep 10 people full time busy…