Merge pull request #256159 from YtvwlD/yama

- Package `cloud-sql-proxy` was renamed to `google-cloud-sql-proxy` as it cannot be used with other cloud providers.;

- The Yama LSM is now enabled by default in the kernel, which prevents ptracing non-child processes.

  This means you will not be able to attach gdb to an existing process, but will need to start that process from gdb (so it is a child).

  Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.

- Package `pash` was removed due to being archived upstream. Use `powershell` as an alternative.

- The option `services.plausible.releaseCookiePath` has been removed: Plausible does not use any distributed Erlang features, and does not plan to (see [discussion](https://github.com/NixOS/nixpkgs/pull/130297#issuecomment-1805851333)), so NixOS now disables them, and the Erlang cookie becomes unnecessary. You may delete the file that `releaseCookiePath` was set to.

    # users as these make it easier to exploit kernel vulnerabilities.

    boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1;

    # Disable YAMA by default to allow easy debugging.

    boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;

    # Improve compatibility with applications that allocate

    # a lot of memory, like modern games

    boot.kernel.sysctl."vm.max_map_count" = mkDefault 1048576;

    "ufs"

  ];

  # Restrict ptrace() usage to processes with a pre-defined relationship

  # (e.g., parent/child)

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;

  # Hide kptrs even for processes with CAP_SYSLOG

  boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;