programs: eza: sandbox with bwrap instead of landlock

hosts/common/programs/assorted.nix

@@ -324,7 +324,10 @@ in
     ethtool.sandbox.wrapperType = "wrappedDerivation";
     ethtool.sandbox.capabilities = [ "net_admin" ];
 
-    eza.sandbox.method = "landlock";  # ls replacement
+    # eza `ls` replacement
+    # landlock is OK, only `whitelistPwd` doesn't make the intermediate symlinks traversable, so it breaks on e.g. ~/Videos/servo/Shows/foo
+    # eza.sandbox.method = "landlock";
+    eza.sandbox.method = "bwrap";
     eza.sandbox.wrapperType = "wrappedDerivation";  # slow to build
     eza.sandbox.autodetectCliPaths = true;
     eza.sandbox.whitelistPwd = true;