While there are are solutions that currently work based setting the MountFlags as described in earlier answers, my concern is that given that the developers appear to have change the default setting in the past, they may just remove it outright in the future so as to get yet more control in their continuing drive for absolute power.

So, here's my alternative solution: in /usr/local/bin place the following into the file uysdm

#!/bin/bash
umask 077
rp=`mktemp -d /tmp/uysd_XXXXX`
if [ $? != 0 ]; then
 exit 1
fi
mkfifo $rp/fifo

echo $rp/fifo "$*" >/var/uysd/fifo &
X=$!
res=`cat $rp/fifo`
stat=$?
rm -rf "$rp"
wait $X
if [ $? != 0 ]; then
 exit $?
fi
exit "$res"

#!/bin/bash
umask 077
rp=`mktemp -d /tmp/uysd_XXXXX`
if [ $? != 0 ]; then
 exit 1
fi
mkfifo $rp/fifo

echo $rp/fifo "$*" >/var/uysd/fifo &
X=$!
res=`cat $rp/fifo`
stat=$?
rm -rf "$rp"
wait $X
if [ $? != 0 ]; then
 exit $?
fi
exit "$res"

And make it executable.

Then put into file uysdmd

#!/bin/bash
# Up yours systemd mount daemon

if [ ! -e /var/uysd/fifo ]; then
 umask 0077
 mkdir -p /var/uysd
 mkfifo /var/uysd/fifo
fi

(
 while true; do (
 IFS=" "
 read rp mt </var/uysd/fifo
 if [ "$mt" = "" ]; then
 exit 1
 fi
 echo "$mt" | xargs mount >&2
 echo $? >"$rp"
 ) done
) &

And make it executable.

Put into file /lib/systemd/system/uysdmd.service

[Unit]
Description=Up Yours Systemd udev mount daemon

[Service]
ExecStart=/usr/local/bin/uysdmd
Type=forking

[Install]
WantedBy=systemd-udevd.service

Then do sudo systemctl enable uysdmd.service
Finally do sudo systemctl restart systemd-udevd

Now the uysdm program can be used like mount from the udev hook.

This creates a daemon that is listening for requests to perform mounts that it receives from the uysdm command.

It does rather depend on the udev events being handled serially, rather than concurrently, which I believe is the case.

The irony of using a systemd service for this is not lost on me.