nixos/security: add size option to /run/wrappers

[DieracDelta]

Description of changes

Add an option to configure the maximum size of /run/wrappers tmpfs. Note I've preserved the default behavior of allocating half the available ram as the max size of the tmpfs mount.

Motivation for change: all tmpfs mounts have configurable sizes except /run/wrappers. /run/wrappers takes up a 500ish kb on my system. There is no need for it to have a maximum allocated size of $RAM/2 which appears to be the default.

I understand that tmpfs allocates memory lazily, and it is unlikely that something is going to blow up the size of /run/wrappers. This option addition is mostly an attempt at consistency, since the other tmpfs mounts (like /dev/shm or /run) are max-size configurable.

Things done

I've tested this on my local NixOS install. It works for me.

• Built on platform(s)
  • [x] x86_64-linux
  • [ ] aarch64-linux
  • [ ] x86_64-darwin
  • [ ] aarch64-darwin
• [ ] For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• [ x Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• [ ] Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• [ ] Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • [ ] (Package updates) Added a release notes entry if the change is major or breaking
  • [ ] (Module updates) Added a release notes entry if the change is significant
  • [ ] (Module addition) Added a release notes entry if adding a new NixOS module
  • [ ] (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• [ ] Fits CONTRIBUTING.md.