nixos/sshd: add AcceptEnv as an option (#461612)

- `python3packages.pillow-avif-plugin` has been removed as the functionality is included in `python3packages.pillow` directly since version 11.3.

- `services.openssh.settings.AcceptEnv` now explicitly defined as an option that takes a list of strings, to facilitate option merging. Setting it to a string value is no longer supported.

## Other Notable Changes {#sec-nixpkgs-release-26.05-notable-changes}

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

      // lib.listToAttrs (map (e: lib.nameValuePair e.env "%d/${e.env}") secrets);

    };

    services.openssh.settings.AcceptEnv = mkIf (

      !cfg.settings.server.START_SSH_SERVER or false

    ) "GIT_PROTOCOL";

    services.openssh.settings.AcceptEnv = mkIf (!cfg.settings.server.START_SSH_SERVER or false) [

      "GIT_PROTOCOL"

    ];

    users.users = mkIf (cfg.user == "forgejo") {

      forgejo = {

        "Macs"

      ];

      spaceSeparated = [

        "AcceptEnv"

        "AuthorizedKeysFile"

        "AllowGroups"

        "AllowUsers"

          {

            freeformType = settingsFormat.type;

            options = {

              AcceptEnv = lib.mkOption {

                type = lib.types.nullOr (lib.types.listOf lib.types.str);

                default = null;

                description = ''

                  Specifies what environment variables sent by the client will be copied into the session's

                  environment. The TERM environment variable is always accepted whenever the client requests

                  a pseudo-terminal as it is required by the protocol.

                '';

              };

              AuthorizedPrincipalsFile = lib.mkOption {

                type = lib.types.nullOr lib.types.str;

                default = "none"; # upstream default