chore: export Qubes service flag "SDEXTENDEDTIMEOUT_N" as SDEXTENDEDT…

…IMEOUT=N

Since a Qubes service just sets a boolean flag, we use qubesdb-list (1)
as a glob, for any key beginning with the prefix "SDEXTENDEDTIMEOUT_";
and (2) to return the "value", aka the key without that prefix.

This approach is too naïve to work for arbitrary keys (which risk
colliding in the glob) or arbitrarily-typed values (without encoding).
But it's good enough for this experimental flag.  More-sophisticated
approaches, such as scanning the contents of "/var/run/qubes-service",
would require AppArmor grants, which we already have for qubesdb-cmd.

files/securedrop-client

@@ -10,5 +10,13 @@ cd /opt/venvs/securedrop-client
 # Check if qubes-db exists (and we are running in qubes)
 if [ ! -f "/usr/bin/qubesdb-read" ]; then echo "Not running in Qubes, client not starting." && exit; fi
 
+# EXPERIMENTAL(#1547): Check for the SDEXTENDEDTIMEOUT_N service flag and export it as
+# SDEXTENDEDTIMEOUT=N.
+timeout_flag_value=$(qubesdb-list /qubes-service/SDEXTENDEDTIMEOUT_)
+if [ -n "$timeout_flag_value" ]; then
+	echo "SDEXTENDEDTIMEOUT=$timeout_flag_value"
+	export SDEXTENDEDTIMEOUT="$timeout_flag_value"
+fi
+
 # Now execute the actual client, only if running in an sd-app
 if [ "$(qubesdb-read /name)" = "sd-app" ]; then ./bin/sd-client; else echo "Not running in sd-app, client not starting."; fi