CAtlServiceModuleT and CoInitializeSecurity: what to set?

Question

We have a service created with CAtlServiceModuleT hosting one single COM coclass. The documents doesn't really tell much, but by experiment I found out that in order to allow non-elevated processes to connect to our service, we must call

::CoInitializeSecurity(nullptr, -1, nullptr, nullptr, RPC_C_AUTHN_LEVEL_PKT, RPC_C_IMP_LEVEL_ANONYMOUS, nullptr, EOAC_NONE, nullptr)

Now, upon further reading of the CoInitializeSecurity reference, it seems like setting nullptr isn't a good idea. However, I'm not entirely sure what to pass instead?

To preface, our service is intended to just be a local COM server, only called by our own non-elevated program. All we did was generate an ATL Service Template Project with VS2022, added our own COM interface, then register it with <Service Name>.exe /Service.

My questions are:

1. The document of CoInitializeSecurity says

   Passing pSecDesc as NULL is strongly discouraged. An appropriate alternative might be to use a SECURITY_DESCRIPTOR that allows Everyone.

   If so, then what should I pass? Does Everyone here include remote clients, or only local users? What about domains? Is domain involved here?

2. I couldn't quite grasp how the "impersonation" and "cloaking" options would apply to our service, because we simply don't need these? Does this imply that these parameters don't matter?

3. Should we worry about this DCOM thing? We definitely don't need DCOM because we're a local COM server. Am I correct to say that DCOM isn't enabled by default, so I shouldn't need to worry about remote clients connecting to our service?

4. ATL seems a little bit outdated. I know the new replacement for creating COM servers is probably cppwinrt, but can it also easily create COM services like ATL? I couldn't find any cppwinrt service examples though.