.devcontainer: add commands to adjust permissions under Codespaces

This commit does 2 things:

- Remove "default permission" from ACL table of /tmp. This is to prevent
  "error: suspicious ownership or permission on '<...>' for output
  'out'; rejecting this build output" error. See:
  https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525
- Set permission of /dev/kvm so that it can be used by NixOS tests.

Note that this is tested on GitHub Codespaces only; I'm not sure how
VSCode's local devcontainer handling will react, although I've added
guard code in case /dev/kvm does not exist in that environment.
Ratchanan Srirattanamet 2025-03-03 11:31:54 +00:00
parent 20ec0eab41
commit 736e9ff05c

@ -9,6 +9,10 @@
"extraNixConfig": "experimental-features = nix-command flakes,sandbox = true"
}
},
// Fixup permissions inside container.
// https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525
"postCreateCommand": "sudo apt-get install -y acl",
"postStartCommand": "sudo setfacl -k /tmp; if [ -e /dev/kvm ]; then sudo chgrp $(id -g) /dev/kvm; fi",
"customizations": {
"vscode": {
"extensions": [
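
Review bot: In postStartCommand, `sudo chgrp $(id -g) /dev/kvm` only changes the group owner, so KVM becomes usable only if the device node's mode already grants group read/write; the commit message says "Set permission", but nothing in this hunk sets or checks the mode. Consider adding `sudo chmod g+rw /dev/kvm` inside the same `if` block, or stating in the comment that the existing group bits are relied on. The comment above the two commands links only the /tmp ACL issue, so a short line explaining the /dev/kvm step would help the next reader. Separately, `sudo apt-get install -y acl` in postCreateCommand runs without a preceding `apt-get update`, which can fail on an image whose package index is empty or stale.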