mailserver: ignore vmail user for garbage collection scan

[ctheune]

This also introduces the ability to exclude specific users from scanning them for automatic garbage collection roots - which can reduce load drastically.

Re PL-132331

@flyingcircusio/release-managers

Release process

Impact:

none

Changelog:

• Allow to selectively disable the automatic garbage collection protection scan (fc-userscan) by setting the flyingcircus.agent.userscan-ignore-users option. (PL-132331)
• On mailservers we do not scan the "virtual mailbox" user for automatic NixOS garbage collection roots. This will reduce load from our user scan script on those machines, especially with large and/or many mailboxes. (PL-132331)

PR release workflow (internal)

• PR has internal ticket
• internal issue ID (PL-…) part of branch name
• internal issue ID mentioned in PR description text
• ticket is on Platform agile board
• ticket state set to Pull request ready
• if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

• Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
• All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.

We're introducing new knobs here: the userscan-ignore-users list can be used to tweak which user are scanned for potential garbage collection roots.

Security implications

• Security requirements defined? (WHERE)

Mindful use of system resources.

• Security requirements tested? (EVIDENCE)

Manually verified on test33.

[osnyx]

As our documentation covers (fc-)userscan, this deserves to be covered in there as well. https://doc.flyingcircus.io/roles/fc-23.11-production/fc_collect_garbage_userscan.html

[osnyx]

I'm piggy-backing the doc change for this into another PR.