I don't know when this started happening, but recently my Nix-based builds in GitHub Actions started failing with: bwrap: setting up uid map: Permission denied
To make builds work, I had to run:
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
as a step before nix build. Might be worth auto-applying this as part of the installation process, or at least mentioning it in the documentation (I didn't see it mentioned).
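
A guarded form of the workaround above for an ephemeral CI runner, as an added example that is not part of the original post or the project's installer: it changes the sysctl only when the knob exists and is set to 1, so the step does not fail on kernels that lack it. The function names, the `--apply` argument and the `SYSCTL_FILE` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: relax the AppArmor userns restriction only when it is active.
# SYSCTL_FILE is overridable (assumption) so the logic can be exercised without root.
SYSCTL_FILE="${SYSCTL_FILE:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}"

# Prints one of: absent | restricted | unrestricted | unknown
userns_restriction_state() {
  state_file="${1:-$SYSCTL_FILE}"
  if [ ! -r "$state_file" ]; then
    echo absent          # kernel without this knob: nothing to change
    return 0
  fi
  case "$(tr -d '[:space:]' < "$state_file")" in
    0) echo unrestricted ;;
    1) echo restricted ;;
    *) echo unknown ;;
  esac
}

# Apply the workaround from the post only if needed, then confirm it took effect.
relax_userns_restriction() {
  current="$(userns_restriction_state)"
  case "$current" in
    restricted)
      echo "apparmor_restrict_unprivileged_userns=1, setting it to 0" >&2
      sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 >/dev/null || return 1
      [ "$(userns_restriction_state)" = unrestricted ]
      ;;
    absent|unrestricted)
      echo "no change needed (state: $current)" >&2
      ;;
    *)
      echo "unexpected sysctl value, leaving it untouched" >&2
      return 1
      ;;
  esac
}

# Only act when asked to, e.g. `sh relax-userns.sh --apply` as a CI step.
if [ "${1:-}" = "--apply" ]; then
  relax_userns_restriction
fi
```

The setting is system-wide and lasts until reboot, which is why this is scoped to a runner that is discarded after the job.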