allowing user to run systemctl/systemd services without password

The sudoers file is fairly flexible, and with that comes complexity. What you want here is to permit access to the command /bin/systemctl, with specific parameters:

%LimitedAdmins ALL=NOPASSWD: /bin/systemctl restart unicorn_my_app.service

Basically you just take the exact command line that you would type, hard-code the path name for safety's sake, and put that into your sudoers file (or /etc/sudoers.d). And note that 'start' and 'restart' are completely different as far as sudo is concerned; permitting one won't grant access to the other.