treewide: use runuser for dropping privileges

When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.

modules/joinmarket.nix

@@ -166,7 +166,6 @@ in {
       wantedBy = [ "multi-user.target" ];
       requires = [ "bitcoind.service" ];
       after = [ "bitcoind.service" ];
-      path = [ pkgs.sudo ];
       serviceConfig = nbLib.defaultHardening // {
         ExecStartPre = nbLib.privileged "joinmarket-create-config" ''
           install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
@@ -183,7 +182,8 @@ in {
               echo "Create wallet"
               pw=$(cat "${secretsDir}"/jm-wallet-password)
               cd ${cfg.dataDir}
-              if ! sudo -u ${cfg.user} ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
+              if ! ${pkgs.utillinux}/bin/runuser -u ${cfg.user} -- \
+                     ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
                      | grep 'recovery_seed' \
                      | cut -d ':' -f2 \
                      | (umask u=r,go=; cat > "${secretsDir}/jm-wallet-seed"); then