Fix devx container failures: Bash 3.2 rejection and impure path errors (#226)

Two fixes for CI failures when consuming devx containers:

1. Use Nix-provided Bash in shebang instead of /usr/bin/env bash.
   On macOS GitHub Actions runners, /usr/bin/env bash resolves to
   Apple's Bash 3.2 (GPLv2), but nixpkgs' setup.sh requires Bash 5+.
   pkgs.bash is already in the closure via stdenv.

2. Disable NIX_ENFORCE_PURITY before sourcing stdenv/setup.
   The stdenv preHook defaults NIX_ENFORCE_PURITY to 1, causing
   cc-wrapper to reject -I/-L flags outside /nix/store/. This breaks
   cabal builds that use $HOME/.cabal-devx/store/. Setting it to empty
   before sourcing setup.sh matches nix develop behavior.

Author: angerman

flake.nix

@@ -342,7 +342,7 @@
                 name = "devx";
                 executable = true;
                 text = ''
-                  #!/usr/bin/env bash
+                  #!${pkgs.bash}/bin/bash
 
                   # Raw derivation environment variables. These seed stdenv's
                   # setup.sh with build inputs, compiler paths, and other
@@ -363,6 +363,14 @@
                     mkdir -p "$out"
                   fi
 
+                  # Development shells must not enforce store-path purity.
+                  # The stdenv preHook defaults NIX_ENFORCE_PURITY to 1, which
+                  # causes the cc-wrapper to reject -I/-L flags pointing outside
+                  # /nix/store/ (e.g. the cabal package store at $CABAL_DIR/store/).
+                  # Setting it to empty before sourcing setup.sh makes the preHook's
+                  # ''${NIX_ENFORCE_PURITY-1} keep the empty value instead of defaulting.
+                  export NIX_ENFORCE_PURITY=
+
                   # Source stdenv's setup.sh to initialize the development
                   # environment. This runs all setup hooks (cc-wrapper,
                   # pkg-config-wrapper, etc.) and populates NIX_CFLAGS_COMPILE,