nixos/libvirtd: allow changing firewall backend

- `services.gitea` supports sending notifications with sendmail again. To do this, activate the parameter `services.gitea.mailerUseSendmail` and configure SMTP server.

- `libvirt` now supports using `nftables` backend.

  - The `virtualisation.libvirtd.firewallBackend` option can be used to configure the firewall backend used by libvirtd.

- `systemd.extraConfig` and `boot.initrd.systemd.extraConfig` was converted to RFC42-style `systemd.settings.Manager` and `boot.initrd.systemd.settings.Manager` respectively.

  - `systemd.watchdog.runtimeTime` was renamed to `systemd.settings.Manager.RuntimeWatchdogSec`

    ''}

    ${cfg.qemu.verbatimConfig}

  '';

  networkConfigFile = pkgs.writeText "network.conf" ''

    firewall_backend = "${cfg.firewallBackend}"

  '';

  dirName = "libvirt";

  subDirs = list: [ dirName ] ++ map (e: "${dirName}/${e}") list;

        Whether to configure OpenSSH to use the [SSH Proxy](https://libvirt.org/ssh-proxy.html).

      '';

    };

    firewallBackend = mkOption {

      type = types.enum [

        "iptables"

        "nftables"

      ];

      default = if config.networking.nftables.enable then "nftables" else "iptables";

      defaultText = lib.literalExpression "if config.networking.nftables.enable then \"nftables\" else \"iptables\"";

      description = ''

        The backend used to setup virtual network firewall rules.

      '';

    };

  };

  ###### implementation

        # Copy generated qemu config to libvirt directory

        cp -f ${qemuConfigFile} /var/lib/${dirName}/qemu.conf

        # Copy generated network config to libvirt directory

        cp -f ${networkConfigFile} /var/lib/${dirName}/network.conf

        # stable (not GC'able as in /nix/store) paths for using in <emulator> section of xml configs

        for emulator in ${cfg.package}/libexec/libvirt_lxc ${cfg.qemu.package}/bin/qemu-kvm ${cfg.qemu.package}/bin/qemu-system-*; do

          ln -s --force "$emulator" /run/${dirName}/nix-emulators/