nixos/wrappers: add enable switch

Add enable switch to make it possible to disable all wrappers but then
also re-enable all at once by forcing the option to be true.

By default the wrappers are enabled and thus the default behaviour
doesn't change.

Author: nikstur

nixos/modules/security/wrappers/default.nix

@@ -165,6 +165,10 @@ in
   ###### interface
 
   options = {
+    security.enableWrappers = lib.mkEnableOption "SUID/SGID wrappers" // {
+      default = true;
+    };
+
     security.wrappers = lib.mkOption {
       type = lib.types.attrsOf wrapperType;
       default = {};
@@ -227,7 +231,7 @@ in
   };
 
   ###### implementation
-  config = {
+  config = lib.mkIf config.security.enableWrappers {
 
     assertions = lib.mapAttrsToList
       (name: opts: