fix(wsl): disable systemd-ssh-proxy ssh_config include

The NixOS-WSL store is a read-only VHD whose files are owned by nobody
(65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true)
adds `Include <systemd>/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf`
to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files
and rejects any not owned by root or the caller, so the nobody-owned
include fails with "Bad owner or permissions" and breaks ssh/git for
every command.

Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` /
`vsock` connections to local machined VMs, which WSL does not use. Other
hosts keep the default (root-owned store, include works).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

system/machine/EDaaS/configuration.nix

@@ -42,6 +42,15 @@
 
   networking.resolvconf.enable = false;
 
+  # Drop the systemd-ssh-proxy Include from the generated /etc/ssh/ssh_config.
+  # The NixOS-WSL store is a read-only VHD whose files are owned by nobody
+  # (65534), not root. OpenSSH permission-checks Include'd config files and
+  # rejects any not owned by root or the caller, so the default include fails
+  # with "Bad owner or permissions" and breaks ssh/git for every command. The
+  # proxy plugin only matters for `ssh unix/…` / `vsock` to local machined VMs,
+  # which WSL does not use.
+  programs.ssh.systemd-ssh-proxy.enable = false;
+
   ## patch the script
   systemd.services.docker-desktop-proxy.script = lib.mkForce ''${config.wsl.wslConf.automount.root}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.wslConf.automount.root}/wsl/docker-desktop "C:\Program Files\Docker\Docker\resources"'';