nixos/{tmpfiles, wrappers}: explicitly set RestrictSUIDSGID false (#426882)

nixos/modules/security/wrappers/default.nix

@@ -318,6 +318,7 @@ in
         "/nix/store"
         "/run/wrappers"
       ];
+      serviceConfig.RestrictSUIDSGID = false;
       serviceConfig.Type = "oneshot";
       script = ''
         chmod 755 "${parentWrapperDir}"

nixos/modules/system/boot/systemd/tmpfiles.nix

@@ -280,6 +280,7 @@ in
           "network.hosts"
           "ssh.authorized_keys.root"
         ];
+        RestrictSUIDSGID = false;
       };
     };