Of course it isn't easy to detect the case where more than what is required
has been opened up. However possibly with suitable documentation this is not
a major issue?
Do you think the following description of the option would be
sufficient?
*-U*::
This option disables a check for root privileges to allow *chronyd* to
be started under a non-root user, assuming the process will have all
capabilities (e.g. provided by the service manager) and access to all
files, directories, and devices, needed to operate correctly in the
specified configuration. Note that different capabilities might be
needed with different configurations and different Linux kernel
versions. Starting *chronyd* under a non-root user is not recommended
when the configuration is not known, or at least limited to specific
directives.