doc/release-notes: cleanup notable changes section

  The derivation now installs "impl" headers selectively instead of by a wildcard.

  Use `imgui.src` if you just want to access the unpacked sources.

- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier

- The new `boot.loader.systemd-boot.windows` option makes setting up dual-booting with Windows on a different drive easier.

- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11

- Linux 4.19 has been removed because it will reach its end of life within the lifespan of 24.11.

- Unprivileged access to the kernel syslog via `dmesg` is now restricted by default. Users wanting to keep an

  unrestricted access to it can set `boot.kernel.sysctl."kernel.dmesg_restrict" = false`.

- The `i18n.inputMethod` module introduces two new properties:

  `enable` and `type`, for declaring whether to enable an alternative input method and defining which input method respectfully. The options available in `type` are the same as the existing `enabled` option. `enabled` is now deprecated, and will be removed in a future release.

- `security.pam.u2f` now follows RFC42.

  All module options are now settable through the freeform `.settings`.

- `security.pam.u2f` now follows RFC42; all module options are now configurable through `security.pam.u2f.settings`.

- Mikutter was removed because the package was broken and had no maintainers.

- `services.timesyncd.fallbackServers` was added and defaults to `networking.timeServers`.

- Cinnamon has been updated to 6.2, please check [upstream announcement](https://www.linuxmint.com/rel_wilma_whatsnew.php) for more details.

  Following Mint 22 defaults, the Cinnamon module no longer ships geary and hexchat by default.

- Cinnamon has been updated to 6.2. Please check [upstream announcement](https://www.linuxmint.com/rel_wilma_whatsnew.php) for more details.

  Following Mint 22 defaults, the Cinnamon module no longer ships `geary` and `hexchat` by default.

- `zfs.latestCompatibleLinuxPackages` is deprecated and is now pointing at the default kernel. If using the stable LTS kernel (default `linuxPackages` is not possible then you must explicitly pin a specific kernel release. For example, `boot.kernelPackages = pkgs.linuxPackages_6_6`. Please be aware that non-LTS kernels are likely to go EOL before ZFS supports the latest supported non-LTS release, requiring manual intervention.

- The `shadowstack` hardening flag has been added, though disabled by default.

- `xxd` is now provided by the `tinyxxd` package, rather than `vim.xxd`, to reduce closure size and vulnerability impact. Since it has the same options and semantics as Vim's `xxd` utility, there is no user impact. Vim's `xxd` remains available as the `vim.xxd` package.

- `xxd` is now provided by the `tinyxxd` package rather than `vim.xxd` to reduce closure size and vulnerability impact. Since it has the same options and semantics as Vim's `xxd` utility, there is no user impact. Vim's `xxd` remains available as the `vim.xxd` package.

- `prometheus-openldap-exporter` was removed since it was unmaintained upstream and had no nixpkgs maintainers.

- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep), available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).

- `restic` module now has an option for inhibiting system sleep while backups are running, defaulting to off (not inhibiting sleep). Available as [`services.restic.backups.<name>.inhibitsSleep`](#opt-services.restic.backups._name_.inhibitsSleep).

- The arguments from [](#opt-services.postgresql.initdbArgs) now get shell-escaped.