
Suggestion to include arch_prctl by default in SystemCallFilter= #22033

@aaronpuchert

Is your feature request related to a problem? Please describe.
It seems that almost every application will call this, because it's called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start. My local call stack (with LTO):

#0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2)
#1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2)
#2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2)
#3 _start (/usr/lib64/ld-linux-x86-64.so.2)

Looking through the source, I think it's this (links for glibc 2.34):

  • First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features.
  • Then init_cpu_features calls get_cet_status.
  • Finally, get_cet_status invokes arch_prctl.

Describe the solution you'd like
Moving arch_prctl from @process to @default in src/shared/seccomp-util.c.

Describe alternatives you've considered

  • Add arch_prctl or @process to SystemCallFilter= manually. The former would be strange, because a service likely doesn't use that call itself; the latter might be more than needed.
  • The flag hasn't actually made it into the kernel yet (the discussion seems to be ongoing). So we might wait until it actually lands. If it doesn't, glibc will likely remove that call or replace it with whatever the kernel devs can agree on.

The systemd version you checked that didn't have the feature you are asking for
Version is 249.7, but I don't see relevant changes since then.
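
A lint for the situation this issue describes, as an added example that is not part of the original issue or of systemd's code: it merges a unit's SystemCallFilter= lines and reports whether arch_prctl gets through. The set table is an assumption (@process comes from the issue, @system-service from systemd's set nesting; confirm with `systemd-analyze syscall-filter`), the unit fragments are constructed, and `:errno` suffixes and line continuations are not handled.

```python
import re

# Sets assumed to contain arch_prctl: "@process" per the issue above,
# "@system-service" because it nests @process (assumption; confirm with
# `systemd-analyze syscall-filter`). "@default" does not, which is the problem.
SETS_WITH_ARCH_PRCTL = {"@process", "@system-service"}
FILTER_RE = re.compile(r"^\s*SystemCallFilter\s*=(.*)$")

def arch_prctl_allowed(unit_text):
    """Return True if the merged SystemCallFilter= lines let arch_prctl through."""
    allowed = True       # no filter configured: everything is allowed
    have_filter = False
    for line in unit_text.splitlines():
        m = FILTER_RE.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        if not value:                     # empty assignment resets the filter
            allowed, have_filter = True, False
            continue
        inverted = value.startswith("~")  # "~" marks a deny-list entry
        names = set(value.lstrip("~").split())
        if not have_filter:
            # The first line fixes the default action: an allow-list starts
            # from "deny everything", a deny-list from "allow everything".
            have_filter = True
            allowed = inverted
        if "arch_prctl" in names or names & SETS_WITH_ARCH_PRCTL:
            allowed = not inverted        # later lines add to or remove from the set
    return allowed

# Constructed unit fragments (not taken from any real service).
STRICT = "[Service]\nSystemCallFilter=@basic-io @file-system @network-io\n"
WORKAROUND = STRICT + "SystemCallFilter=arch_prctl\n"
BROAD = "[Service]\nSystemCallFilter=@system-service\nSystemCallFilter=~arch_prctl\n"
DENYLIST = "[Service]\nSystemCallFilter=~@mount\n"

if __name__ == "__main__":
    for name, unit in [("strict", STRICT), ("workaround", WORKAROUND),
                       ("broad", BROAD), ("denylist", DENYLIST)]:
        verdict = "allowed" if arch_prctl_allowed(unit) else "BLOCKED"
        print(f"{name}: arch_prctl {verdict}")
```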
