nixos/config/sysctl: set options as they become available

[illdefined]

This is an almost complete re‐write of the config/sysctl module with three significant changes:

• Instead of setting the sysctl options once during system start‐up, they are set when the corresponding file in /proc/sys becomes available for the first time, through systemd path units. This allows setting of options that might only become available at a later time.
• The boot.kernel.sysctl option now is a nested attribute set, which means that paths no longer require quoting. The old style is still supported for compatibility, but the module warns about its use.
• Attribute names may contain glob patterns (*, ? and […]) to set multiple sysctls at once, these should however be used with caution as their use can lead to non‐deterministic behaviour when option paths overlap.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.