mimetype: sandbox (and remove unneeded mimeopen)

hosts/common/programs/assorted.nix

@@ -945,7 +945,7 @@ in
       "/sys/devices"
     ];
 
-    "perlPackages.FileMimeInfo".sandbox.enable = false;  #< TODO: sandbox `mimetype` but not `mimeopen`.
+    "perlPackages.FileMimeInfo" = {};
 
     powertop.sandbox.method = "landlock";
     powertop.sandbox.capabilities = [ "ipc_lock" "sys_admin" ];

hosts/common/programs/default.nix

@@ -90,6 +90,7 @@
     ./megapixels.nix
     ./mepo.nix
     ./mimeo
+    ./mimetype.nix
     ./mmcli.nix
     ./mopidy.nix
     ./mpv

hosts/common/programs/mimetype.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  sane.programs.mimetype = {
+    packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.perlPackages.FileMimeInfo "bin/mimetype";
+    sandbox.method = "bwrap";
+    sandbox.autodetectCliPaths = "existing";
+  };
+}

hosts/common/programs/xdg-utils.nix

@@ -12,7 +12,11 @@
 
     # `mimetype` provides better mime associations than `file`
     # - see: <https://github.com/NixOS/nixpkgs/pull/285233#issuecomment-1940828629>
-    suggestedPrograms = [ "perlPackages.FileMimeInfo" ];
+    suggestedPrograms = [
+      # "perlPackages.FileMimeInfo"
+      "mimetype"
+      # "mimeopen"  #< optional, unclear what benefit
+    ];
 
     # alternative to letting the sandbox decide for itself: forcibly use the portal
     #   if the mime association list is not visible/in scope.