(2) Most importantly, I can hack that bash script to do whatever I damn well please.
And, although you can hack the "sendmail.service" file shown in that link, your hack will be overwritten the next time sendmail is updated, since the file is in /usr/lib/systemd/system. Also, /usr could be a read-only filesystem.
Instead, to make your hack effective, you'll need to create a file somewhere under /etc/systemd (your guess is as good as mine...the documentation sucks) that will do what you want. Since there is also no documentation about what, exactly, must be in the file (do you need every entry that was in the original, or can you just override what you want to change?), you'll have to play around for a while to see what works.
The right thing to do is for the sendmail package maintainer to place an example user file in the right place, and comment out everything so it doesn't actually overwrite the default, but the comments will let a sysadmin know what to change if they need to. But this is yet another major problem with systemd...it has so damn many config files, that if every package maintainer did this, you'd have hundreds of files in the override directory, even though you only need a few for the changes you want to make.
So, the really right thing to do is to not keep config files of any sort in /usr/lib, but instead put them only in /etc, and then any changes the user makes there are applied as the should be. This is not the systemd way, though, as the systemd maintainers know much better how your system should be run than you do.