nixos-container: use systemd-run instead of nsenter

This is the first step for unprivileged nixos containers support.
Fixes NixOS#30019. See also NixOS#18825, NixOS#57083, and NixOS#67130.

pkgs/tools/virtualization/nixos-container/nixos-container.pl

@@ -9,7 +9,6 @@
 use Cwd 'abs_path';
 use Time::HiRes;
 
-my $nsenter = "@utillinux@/bin/nsenter";
 my $su = "@su@";
 
 # Ensure a consistent umask.
@@ -270,9 +269,10 @@ sub restartContainer {
 # Run a command in the container.
 sub runInContainer {
     my @args = @_;
-    my $leader = getLeader;
-    exec($nsenter, "-t", $leader, "-m", "-u", "-i", "-n", "-p", "--", @args);
-    die "cannot run ‘nsenter’: $!\n";
+
+    exec("systemd-run", "--machine", $containerName, "--pty", "--quiet", "--", @args);
+
+    die "cannot run ‘systemd-run’: $!\n";
 }
 
 # Remove a directory while recursively unmounting all mounted filesystems within