modules/programs: sandbox: remove no-longer-needed /run/systemd/resolve from sandbox

modules/programs/default.nix

@@ -84,7 +84,7 @@ let
             "/etc"  #< especially for /etc/profiles/per-user/$USER/bin
             "/run/current-system"  #< for basics like `ls`, and all this program's `suggestedPrograms` (/run/current-system/sw/bin)
             "/run/wrappers"  #< SUID wrappers, in this case so that firejail can be re-entrant. TODO: remove!
-            "/run/systemd/resolve"  #< to allow reading /etc/resolv.conf, which ultimately symlinks here
+            # "/run/systemd/resolve"  #< to allow reading /etc/resolv.conf, which ultimately symlinks here (if using systemd-resolved)
             # /run/opengl-driver is a symlink into /nix/store; needed by e.g. mpv
             "/run/opengl-driver"
             "/run/opengl-driver-32"  #< XXX: doesn't exist on aarch64?