portfolio-filemanager: sandbox with bunpen

note that portfolio seems not to use portal integration anymore? so using it to launch e.g. Music files totally fails (because i don't grant pipewire access)

well, i don't really use this that much, so i'll deal with that only if/when it's an issue

hosts/common/programs/portfolio-filemanager.nix

@@ -2,7 +2,7 @@
 {
   sane.programs.portfolio-filemanager = {
     # this is all taken pretty directly from nautilus config
-    sandbox.method = "bwrap";
+    sandbox.method = "bunpen";
     sandbox.whitelistDbus = [ "user" ];  # for portals launching apps
     sandbox.whitelistWayland = true;
     sandbox.extraHomePaths = [
@@ -10,8 +10,17 @@
       "/"
       ".persist/ephemeral"
       ".persist/plaintext"
+      "Pictures/Photos"
+      "Pictures/Screenshots"
+      "Pictures/albums"
+      "Pictures/cat"
+      "Pictures/from"
+      "Videos/local"
+      "archive"
       "knowledge"
       "nixos"
+      "records"
+      "tmp"
     ];
     sandbox.extraPaths = [
       "/boot"