nix-ld
Don't allow NIX_LD on setuid binaries
In the unlikely event that someone has NIX_LD set and a setuid binary using /lib64/ld-linux-x86-64.so.2, an attacker might be able to divert execution by pointing to an untrusted patched libc. This should never happen in normal usage of NixOS.
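One way to enforce the restriction described above, as an added example that is not nix-ld's own code: ignore NIX_LD whenever the kernel marks the process as secure-execution (AT_SECURE in the auxiliary vector), which covers setuid and setgid binaries. The helper names `is_secure_exec`, `nix_ld_from_env` and `current_nix_ld` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/auxv.h>

/* Pure decision: is this a privileged ("secure-execution") process?
 * at_secure is the kernel's AT_SECURE auxv flag; the id comparison is a
 * fallback for setuid/setgid in case the flag is not available. */
static int is_secure_exec(unsigned long at_secure, uid_t uid, uid_t euid,
                          gid_t gid, gid_t egid)
{
    return at_secure != 0 || uid != euid || gid != egid;
}

/* Hypothetical helper: return the loader path taken from NIX_LD,
 * or NULL when the variable must be ignored. */
static const char *nix_ld_from_env(const char *nix_ld, int secure)
{
    if (secure)                      /* caller controls the environment */
        return NULL;
    if (nix_ld == NULL || nix_ld[0] == '\0')   /* unset or empty */
        return NULL;
    return nix_ld;
}

/* Apply the check to the current process. */
static const char *current_nix_ld(void)
{
    int secure = is_secure_exec(getauxval(AT_SECURE), getuid(), geteuid(),
                                getgid(), getegid());
    return nix_ld_from_env(getenv("NIX_LD"), secure);
}

int main(void)
{
    const char *ld = current_nix_ld();
    if (ld == NULL) {
        puts("NIX_LD ignored (unset, empty, or secure-execution mode)");
        return 1;
    }
    printf("NIX_LD honored: %s\n", ld);
    return 0;
}
```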