findutils: remove sandboxing, it doesnt make sense

hosts/common/programs/assorted.nix

@@ -557,13 +557,14 @@ in
 
     file.sandbox.autodetectCliPaths = "existing";  #< file OR directory, yes
 
-    findutils.sandbox.autodetectCliPaths = "existing";
-    findutils.sandbox.whitelistPwd = true;
-    findutils.sandbox.extraHomePaths = [
-      # let it follow symlinks to non-sensitive data
-      ".persist/ephemeral"
-      ".persist/plaintext"
-    ];
+    findutils.sandbox.enable = false;  #< `find -exec FOO`, needs to exec arbitrary commands
+    # findutils.sandbox.autodetectCliPaths = "existing";
+    # findutils.sandbox.whitelistPwd = true;
+    # findutils.sandbox.extraHomePaths = [
+    #   # let it follow symlinks to non-sensitive data
+    #   ".persist/ephemeral"
+    #   ".persist/plaintext"
+    # ];
 
     font-manager.buildCost = 1;
     font-manager.sandbox.whitelistWayland = true;

hosts/common/programs/sane-scripts.nix

@@ -159,7 +159,6 @@ in
     # really i should sandbox just the utilities
     "sane-scripts.secrets-update-keys".sandbox.method = null;
     "sane-scripts.secrets-update-keys".suggestedPrograms = [
-      "findutils"
       "sops"
     ];