install: fix addVolume perm issue for some users

As reported in NixOS#5198, volume creation can fail with a permission error
for some macOS users (probably secondary user accounts?) Sudo appears
to be sufficient to avoid this.

While I'm here, I also updated the sudo invocation added in 079bde2
to use the _sudo explanation wrapper.

scripts/create-darwin-volume.sh

@@ -715,7 +715,8 @@ create_volume() {
     # 6) getting special w/ awk may be fragile, but doing it to:
     #    - save time over running slow diskutil commands
     #    - skirt risk we grab wrong volume if multiple match
-    /usr/sbin/diskutil apfs addVolume "$NIX_VOLUME_USE_DISK" "$NIX_VOLUME_FS" "$NIX_VOLUME_LABEL" -nomount | /usr/bin/awk '/Created new APFS Volume/ {print $5}'
+    _sudo "to create a new APFS volume $NIX_VOLUME_LABEL ($NIX_VOLUME_USE_DISK)" \
+        /usr/sbin/diskutil apfs addVolume "$NIX_VOLUME_USE_DISK" "$NIX_VOLUME_FS" "$NIX_VOLUME_LABEL" -nomount | /usr/bin/awk '/Created new APFS Volume/ {print $5}'
 }
 
 volume_uuid_from_special() {
@@ -760,7 +761,8 @@ setup_volume() {
     await_volume
 
     if [ "$(/usr/sbin/diskutil info -plist "$NIX_ROOT" | xmllint --xpath "(/plist/dict/key[text()='GlobalPermissionsEnabled'])/following-sibling::*[1]" -)" = "<false/>" ]; then
-        sudo /usr/sbin/diskutil enableOwnership "$NIX_ROOT"
+        _sudo "to set enableOwnership (enabling users to own files)" \
+            /usr/sbin/diskutil enableOwnership "$NIX_ROOT"
     fi
 
     # TODO: below is a vague kludge for now; I just don't know