All those lines where you noted whether it needs to be changed are system folders for bitcoind's configuration, logging, and the folder where it puts its PID file (so you don't run duplicate bitcoinds by accident), so they need to be changed to other folders because the "bitcoin" user, and everybody but root for that matter, does not have permissions to access your home folder. There isn't even a bitcoin user automatically created.
Rather than mucking with the permissions of your home folder, which ends up with bad results as I've tried, you should just change the bitcoin user/group to whatever your own user and group are.
Then you need to change some of the entries to remove the system-wide folders:
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin < ------ You don't need this
...
User=bitcoin < -------- Change to your own user
Group=bitcoin < -------- Change to your own group
### You should probably remove all this since the paths
### can't be changed to outside /run, /etc and so on
# /run/bitcoind
RuntimeDirectory=bitcoind < -------- not sure if this also needs changes or not...???
RuntimeDirectoryMode=0710 < -------- not sure if this also needs changes or not...???
# /etc/bitcoin
ConfigurationDirectory=bitcoin < -------- not sure if this also needs changes or not...???
ConfigurationDirectoryMode=0710 < -------- not sure if this also needs changes or not...???
# /var/lib/bitcoind
StateDirectory=bitcoind < -------- not sure if this also needs changes or not...???
StateDirectoryMode=0710 < -------- not sure if this also needs changes or not...???
###
# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Deny access to /home, /root and /run/user
ProtectHome=true < ----- I would probably remove this since your bitcoind is in /home but leave the rest as is
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
The Hardening entries are security measures to reduce the damage that someone with a crazy-looking ZMQ message (think blocks and transactions from other peers) can do to your node.
I know this isn't relevant to your problem, but in an ideal case, if you have different bitcoin core builds, each would be in a different folder directly under your home folder, each with the stuff that would normally have been under ~/.bitcoin in its own folder: for instance a bitcoin.conf file under ./etc, a bitcoind.pid file under ./run, and your wallets, blocks, chainstate and so on under ./var, instead of using the system-wide paths.
Basically such a topology would look like this:
home /
    notatether /
        bitcoin-0.21 /
            etc /
                bitcoin.conf
            bin /
                ...
            lib /
                ...
            run /
                bitcoind.pid
            var / <-- Symlink this to your external disk using this kind of folder structure
                wallets/
                chainstate/
                blocks/
                debug.log
                ...
        bitcoin-0.20 /
            ...
This allows you to have multiple systemd unit files to launch each of these different bitcoind folders.
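An added example, not part of the original post: a small checker that reads a unit file and reports the directives the post singles out when bitcoind is launched from a home folder. The function names, the sample unit and the /home/notatether paths are assumptions built from the topology above.

```python
import re

# Constructed sample (not from the post): the stock unit pointed at a build
# under /home/notatether but still carrying the system-wide settings.
SAMPLE_UNIT = """\
[Service]
ExecStart=/home/notatether/bitcoin-0.21/bin/bitcoind -conf=/home/notatether/bitcoin-0.21/etc/bitcoin.conf
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
User=bitcoin
Group=bitcoin
RuntimeDirectory=bitcoind
ConfigurationDirectory=bitcoin
StateDirectory=bitcoind
ProtectSystem=full
ProtectHome=true
"""

# Directives that make systemd create directories under system-wide roots.
SYSTEM_DIRS = {"RuntimeDirectory": "/run", "ConfigurationDirectory": "/etc",
               "StateDirectory": "/var/lib"}
HOME_LOCKS = {"true", "yes", "on", "1", "read-only", "tmpfs"}

def parse_unit(text):
    """Return (key, value) pairs; skip blanks, comments and section headers."""
    pairs = []
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def lint_home_install(text, user, group):
    """Return (directive, reason) findings for a bitcoind started from /home."""
    pairs = parse_unit(text)
    # ExecStart may carry systemd prefixes such as "-" or "@" before the path.
    if not any(k == "ExecStart" and re.match(r"[-@:+!]*/home/", v) for k, v in pairs):
        return []  # binary is not under /home, the post's advice does not apply
    owner = {"User": user, "Group": group}
    findings = []
    for key, value in pairs:
        if key in owner and value != owner[key]:
            findings.append((key, f"{value} cannot access the home folder; use {owner[key]}"))
        elif key in SYSTEM_DIRS:
            findings.append((key, f"creates {SYSTEM_DIRS[key]}/{value}, outside the home folder"))
        elif key == "ExecStartPre" and "/etc/bitcoin" in value:
            findings.append((key, "operates on /etc/bitcoin, unused in this layout"))
        elif key == "ProtectHome" and value.lower() in HOME_LOCKS:
            findings.append((key, f"{value} restricts /home, where this build lives"))
    return findings
```

Calling `lint_home_install(SAMPLE_UNIT, "notatether", "notatether")` returns one finding per conflicting directive, in file order; the remaining hardening entries are not reported.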