This change refactors all tooling to use stable nix to build the
project's packages (the git-bug binary and web ui). Support for the
experimental features of nix that were previously in use were removed:
`flakes` and `nix-command`. This requires updating many different parts
of the development toolchain, namely: CI, internal tools, and
documentation.

As a result of this, onboarding has been simplified (as users no longer
need to add support for the experimental features), nix is now
exclusively being used to build in CI, and is the recommended golden
path outside of CI (for correctness guarantees, at least). A
`release-binaries` drv has been added that builds git-bug for a variety
of platforms to support moving away from gox (and add support for
`darwin/arm64`).

When evaluating the treefmt configuration, optimizations were realized:

- zizmor is being used instead of pinact for performing analysis of
  pipelines defined in //.github/workflows. as a result of this, changes
  were made to improve pipeline security
- codespell configuration has been updated to include hidden files by
  default, and to skip over additional generated fileas
- treefmt verbosity was changed so that additional information is shown
  during its execution
- treefmt will no longer emit messages about unmatched files by default
  (but will if debug logging is enabled)

This is one of the rare cases in which I'll submit a change that crosses
multiple logical boundaries and closes several issues at once, but the
nature of this change opened up the possibility to do so fairly neatly.
I hope that this brings about a simpler experience for contributors to
this project, and for downstream consumers (packagers and
source-builders).

Closes: #1491
Closes: #1418
Closes: #1508

Change-Id: I3fb65c84c9c1a98b045548802d5710de9b117b2e

# Conflicts:
#	Makefile

Bumps the go_modules group with 1 update in the / directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl).


Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the npm_and_yarn group with 1 update in the /webui directory: [qs](https://github.com/ljharb/qs).


Updates `qs` from 6.14.1 to 6.14.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

This test periodically fails with the bug_label_change variant, caused
by an unexpected number of operations existing on the bug (typically in
the range of 7-9).

This tree exists to debug it.

NOTE: This tree is built on top of
de7def3f81745c0c24a482a1e9a5dcb4fbbd69dd, and should not be merged in
directly. Its parent effectively enables this test to run on CI, which
is used periodically during the iteration of this adventure.

Change-Id: I738207f8cb254b66f3ef18aa525fce39c71060e2

A typo in the reference to the repository-level `TEST_USER_GITHUB`
variable was causing export tests under //bridge/github to be skipped.
This change resolves this issue.

Change-Id: Ia1ad61e54e305bb073efc6853738d3eed81d576c

Resolves #849
References #828

This a just a preview. Not all features are expected to work.