.devcontainer: add commands to adjust permissions under Codespaces

[peat-psuwit]

This commit does 2 things:

• Remove "default permission" from ACL table of /tmp. This is to prevent "error: suspicious ownership or permission on '<...>' for output 'out'; rejecting this build output" error. See: Nix doesn't work in Github Codespaces nix#6680 (comment)
• Set permission of /dev/kvm so that it can be used by NixOS tests.

Note that this is tested on GitHub Codespaces only; I'm not sure how VSCode's local devcontainer handling will react. Although I've added a guard code in case /dev/kvm does not exist in that environment.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[FliegendeWurst]

I'm not sure how VSCode's local devcontainer handling will react.

I don't really know either. Never used the local devcontainer stuff, so it would be good if someone who does use it could test this change.