profiles/ist-shell: Impose resource limits on user processes

Description of changes

Enables resource limits on everything using the ist-shell profile (nexus, borg).

It imposes some global limits that result in some reserved capacity for system processes:

  • hard limit on memory (95% for users);
  • lower weights on CPU and IO to give priority to system processes.

borg and nexus1 also have a hard limit set on CPU usage by user processes. This was cumbersome to include in the ist-shell profile as it requires knowledge of the number of CPUs in the machine. It would be weird, in my opinion, to assume all ist-shell machines are virtual (using rnl.virtualisation).

It additionally imposes memory limits (soft 6%, hard 15%) on each user's processes, to improve fairness. The root user was made exempt from them, to allow easier maintenance.

Finally, the root user was given higher CPU/IO weights, so that they may access the system with less interference from other users.

Hopefully enough to let me use nix shell on borg 🥺 (this MR does not change this).

Things to consider

  • Limits on memory are way too low for machines where only a handful of users is expected to be logged in (lab machines).
  • Might be wise to also introduce limits on the number of tasks each user can spawn, but defining such a number is hard, so it's probably best to leave it as is until we encounter a problem.
  • Unfortunately fully decoupling the root user from the global user limits seems impossible due to logind limitations (all user-<UID>.slices go strictly under user.slice). This can be partially overcome for some parameters (CPUQuota, memory limits) using a new daemon to dynamically adjust resource limits when users log in/out, or fully overcome by patching logind. Too much work either way unless it becomes a problem.

Things done

  • Tested [ ]
  • Updated documentation (Wiki/NetBox) [ ]
  • Breaking change [ ]
Edited by André Breda
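
The limits described above could be expressed with the standard NixOS `systemd.slices` options roughly as follows. This is an added example, not the code from this merge request: the memory percentages are taken from the description, while the weight values and the use of drop-ins are assumptions made for illustration.

```nix
# Added illustration; not the merge request's actual module.
{ ... }:
{
  # user.slice is the parent of every user-<UID>.slice, so limits set here
  # bound all logged-in users together and leave headroom for system.slice.
  systemd.slices."user" = {
    overrideStrategy = "asDropin"; # extend the upstream unit instead of replacing it
    sliceConfig = {
      MemoryMax = "95%"; # hard limit from the description
      CPUWeight = 50;    # assumed value; the systemd default is 100
      IOWeight = 50;     # assumed value; the systemd default is 100
    };
  };

  # A drop-in for the "user-" prefix applies to every user-<UID>.slice.
  systemd.slices."user-" = {
    overrideStrategy = "asDropin";
    sliceConfig = {
      MemoryHigh = "6%"; # soft limit: reclaim pressure and throttling above this
      MemoryMax = "15%"; # hard limit: the OOM killer acts inside the slice
    };
  };

  # The drop-in for the full unit name takes precedence over the prefix
  # drop-in, which exempts root from the per-user memory limits.
  systemd.slices."user-0" = {
    overrideStrategy = "asDropin";
    sliceConfig = {
      MemoryHigh = "infinity";
      MemoryMax = "infinity";
      CPUWeight = 200; # assumed value; higher than other users
      IOWeight = 200;  # assumed value
    };
  };
}
```

Because `user-0.slice` still sits under `user.slice`, root remains subject to the global 95% cap and the lowered `user.slice` weights, which is the logind limitation noted under "Things to consider". The effective values on a running host can be read with `systemctl show user-0.slice -p MemoryMax -p MemoryHigh -p CPUWeight`.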