nixos-rebuild: add option --use-remote-sudo-activate

[oxalica]

Motivation for this change

Current option --use-remote-sudo doesn't work when remote sudo asking for password.
And it also cause all command to be prefixed by sudo, including commands for building, copying and querying,
which usually doesn't need root permission at all.

In this PR:

• Added an option --use-remote-sudo-activate for minimal usage of sudo, which only acquire root permission on activation related commands.
• Added -t for ssh when sudo is used. This is needed when sudo asking for password.

Tested commands test and boot with --target-host --use-remote-sudo-activate.

Related commits:

• nixos-rebuild: add explicit option to enable (remote) sudo (nixos-rebuild: add explicit option to enable (remote) sudo #71849)
• nixos-rebuild: fix the maybeSudo usage

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[stale]

I marked this as stale due to inactivity. → More info

[iagocq]

still relevant to me, as it makes remote passwords work

[noonien]

I'm also facing this issue, currently the solution is either to deploy with a separate script, or have paswordless sudo which is a major security issue IMO.

[FRidh]

I think the old option needs to be changed to this. As mentioned, the old behavior is insecure, so that is enough reason to change it's behavior.