@musjj musjj commented Sep 27, 2025

Description

Add two new options to customize how extension permissions are checked:

  • extensions.exhaustivePermissions
    Ensures that the permissions requested by all extensions managed by home-manager are authorized.
  • extensions.exactPermissions
    When enabled, the user must authorize only the permissions that the extensions request, no more and no less.

Both are false by default for backwards compatibility.

Closes #7890

Checklist

  • Change is backwards compatible.

  • Code formatted with nix fmt or
    nix-shell -p treefmt nixfmt deadnix keep-sorted --run treefmt.

  • Code tested through nix run .#tests -- test-all or
    nix-shell --pure tests -A run.all.

  • Test cases updated/added. See example.

  • Commit messages are formatted like

    {component}: {description}
    
    {long description}
    

    See CONTRIBUTING for more information and recent commit messages for examples.

  • If this PR adds a new module

    • Added myself as module maintainer. See example.
    • Generate a news entry. See News
    • Basic tests added. See Tests
  • If this PR adds an exciting new feature or contains a breaking change.

    • Generate a news entry. See News
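
The two options from the description above, modelled as an added Python example; it is not home-manager's Nix code and not part of the original PR. It assumes that the default mode skips extensions with no authorization entry and only requires the requested permissions to be a subset of the authorized ones, and it uses the name fallback for a missing `addonId` that is suggested later in this thread. All extension names, IDs and permissions are constructed.

```python
# Added illustration of the permission-check modes (not home-manager code).
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Extension:
    name: str
    requested: frozenset            # permissions the extension asks for
    addon_id: Optional[str] = None  # can be absent on custom-built packages

    @property
    def key(self):
        # Assumed fallback from the thread: use the name if addonId is missing.
        return self.addon_id or self.name


def check(extensions, authorized, exhaustive=False, exact=False):
    """Return sorted violation strings; an empty list means the config passes."""
    problems = []
    for ext in extensions:
        if ext.key not in authorized:
            if exhaustive:  # every managed extension needs an entry
                problems.append(f"{ext.key}: no permissions authorized")
            continue        # assumed default: unlisted extensions are skipped
        granted = frozenset(authorized[ext.key])
        missing = ext.requested - granted
        extra = granted - ext.requested
        if missing:         # requested but never authorized
            problems.append(f"{ext.key}: unauthorized {sorted(missing)}")
        if exact and extra:  # authorized more than the extension requests
            problems.append(f"{ext.key}: unrequested {sorted(extra)}")
    return problems if not problems else sorted(problems)


# Constructed sample data: one packaged add-on, one custom build without addonId.
EXTS = [
    Extension("sample-blocker", frozenset({"storage", "webRequest"}),
              "blocker@example.invalid"),
    Extension("custom-build", frozenset({"tabs"})),
]
AUTH = {"blocker@example.invalid": ["storage", "webRequest", "cookies"]}

if __name__ == "__main__":
    for flags in ({}, {"exhaustive": True}, {"exact": True}):
        print(flags, check(EXTS, AUTH, **flags))
```
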

@khaneliman khaneliman requested a review from brckd September 28, 2025 21:29
@khaneliman khaneliman merged commit c7f4214 into nix-community:master Oct 10, 2025
7 checks passed
superherointj commented Oct 10, 2025

I'm getting this error since this PR:

error: function 'anonymous lambda' called without required argument 'addonId'

Is this code good? (I'm out of context still trying to understand what is going on.)

Error happens if programs.firefox.profiles."default".extensions.packages has a single extension custom built.

khaneliman commented Oct 10, 2025

Looks like the difference between your implementation and rycee's firefox-addons that we base this off is:

passthru = {
  inherit addonId;
};

Interesting that our other implementation handled it though. We could probably just make addonId have a name fallback so the logic uses the name if addonId is missing.

@khaneliman

@superherointj Created a PR if you want to test it

Successfully merging this pull request may close these issues.

[Feature Request] Firefox extensions with stricter permission checks

3 participants