nixos/taskchampion-sync-server: use DynamicUser after 26.05 (#494338)

- `vimPlugins.nvim-treesitter` has been updated to `main` branch, which is a full and incompatible rewrite. If you can't or don't want to update, you should use `vimPlugins.nvim-treesitter-legacy`.

- `services.taskchampion-sync-server` module have been added an option `services.taskchampion-sync-server.dynamicUser` to use systemd's DynamicUser feature. This is enabled by default when stateVersion is at least 26.05, and disabled otherwise. If you need this feature, you need to set `services.taskchampion-sync-server.dynamicUser` to `true` and migrate `/var/lib/taskchampion-sync-server` to `/var/lib/private/taskchampion-sync-server`.

## Other Notable Changes {#sec-nixpkgs-release-26.05-notable-changes}

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

      type = types.listOf types.str;

      default = [ ];

    };

    dynamicUser = lib.mkOption {

      description = "Whether to use dynamic user";

      type = types.bool;

      default = lib.versionAtLeast config.system.stateVersion "26.05";

    };

  };

  config = lib.mkIf cfg.enable {

    users.users.${cfg.user} = lib.mkIf (cfg.user == defaultUser) {

    users.users.${cfg.user} = lib.mkIf (!cfg.dynamicUser && cfg.user == defaultUser) {

      isSystemUser = true;

      inherit (cfg) group;

    };

    users.groups.${cfg.group} = lib.mkIf (cfg.group == defaultGroup) { };

    users.groups.${cfg.group} = lib.mkIf (!cfg.dynamicUser && cfg.group == defaultGroup) { };

    networking.firewall.allowedTCPPorts = lib.mkIf (cfg.openFirewall) [ cfg.port ];

    systemd.services.taskchampion-sync-server = {

      serviceConfig = {

        User = cfg.user;

        Group = cfg.group;

        # If we enable DynamicUser, users need to move

        # /var/lib/taskchampion-sync-server to

        # /var/lib/private/taskchampion-sync-server manually, which is a

        # breakage. So we keep the old behavior and we'll do the migration in

        # another PR.

        DynamicUser = false;

        DynamicUser = cfg.dynamicUser;

        StateDirectory = lib.mkIf (cfg.dataDir == defaultDir) "taskchampion-sync-server";

        ExecStart = ''

          ${lib.getExe cfg.package} \