Keyring isn't suid on nixos

Hi, @SebTM . I'm really sorry for taking so long on this.

In the last couple of days, with things at work slowing down because of the winter vacations, I've been able to make some headway here. So I've been hammering away through some of this for a couple of days.

Right now, I have nothing I can ship to you. I can say that we will need to add 1Password-BrowserHelper as an SGID script. We potentially need to add 1Password-KeyringHelper as both SUID and SGID. Here's a snippet that I've added to my configuration.nix:

```
users.groups.onepassword.gid = 44399;

security.wrappers = {
"1Password-BrowserSupport" =
{ source = "${_1password-gui}/share/1password/1Password-BrowserSupport";
owner = "root";
group = "onepassword";
setuid = false;
setgid = true;
};

"1Password-KeyringHelper" =
  { source = "${_1password-gui}/share/1password/1Password-KeyringHelper";
    owner = "root";
    group = "onepassword";
    setuid = true;
    setgid = true;
  };
};

```

However, this is not enough. We make certain assumptions about where to find these executables inside 1Password, plus we run some other checks. I've resolved the filesystem limitations and am working through a few additional problems. However, I wouldn't be able to release anything until I consult with our security experts, and the true expert in this area of the code is already on vacation for the rest of the year.

Obviously we won't want users to have to enter the above code themselves. I'll probably go ahead and start building a Nix module that handles it while I'm on break, and then really finish it off once I can get the rest of the code working.

Again, I am sorry for taking so long. Thank you for your patience, and for pushing me.