fix(nix): make flake checks hermetic #1958

Open
elezar wants to merge 1 commit into NVIDIA:sscatton/nix-add-build-with-crane from elezar:nix-flake-check-fixes/elezar

Conversation

elezar commented Jun 18, 2026

Member

Summary

Make nix flake check pass on the Darwin builder by removing two host-environment assumptions exposed by hermetic Nix checks.

Related Issue

None.

Changes

  • Add lsof to openshell-core Nix check inputs because the port availability test asserts cross-family listener detection through lsof.
  • Move the VM gvproxy fallback socket directory from shared /tmp/osd-gv to per-user /tmp/openshell-<uid>/osd-gv when XDG_RUNTIME_DIR is absent, preserving ownership checks while avoiding cross-user temp-dir collisions.

Context

On this system, lsof existed on the host at /usr/sbin/lsof, but it was not present inside the Nix test derivation. The production port check treats missing lsof as no listener data, so the IPv6 wildcard listener test failed until pkgs.lsof was declared.

The VM driver also fell back to /tmp/osd-gv. In the Nix sandbox that directory already existed with uid 502, while the builder ran as uid 355. The existing ownership guard correctly rejected it. Using a uid-scoped fallback keeps the safety property and makes the path hermetic for multi-user and Nix builds.

Testing

  • nix build .#checks.aarch64-darwin.openshell-core-test --print-build-logs
  • nix build .#checks.aarch64-darwin.openshell-driver-vm-test --print-build-logs
  • nix build .#checks.aarch64-darwin.rustfmt --print-build-logs
  • nix build .#checks.aarch64-darwin.openshell-driver-vm-clippy --print-build-logs
  • nix flake check
  • mise run pre-commit passes: mise is unavailable in this shell (zsh: command not found: mise)
  • E2E tests added/updated: not applicable

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)

Signed-off-by: Evan Lezar <elezar@nvidia.com>
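
The uid-scoped fallback and ownership guard described under Changes and Context, as an added Rust example that is not code from this pull request or the repository. The function names, the 0700 mode and the symlink check are assumptions, and the caller passes in the uid so the example needs no external crate.

```rust
use std::fs::{self, DirBuilder};
use std::io;
use std::os::unix::fs::{DirBuilderExt, MetadataExt};
use std::path::{Path, PathBuf};

/// $XDG_RUNTIME_DIR/osd-gv when set, otherwise <tmp>/openshell-<uid>/osd-gv.
pub fn socket_dir(xdg: Option<&Path>, tmp: &Path, uid: u32) -> PathBuf {
    match xdg {
        Some(dir) => dir.join("osd-gv"),
        None => tmp.join(format!("openshell-{}", uid)).join("osd-gv"),
    }
}

/// Create `dir` (mode 0700) if missing; accept it only if it is a real directory owned by `uid`.
pub fn ensure_owned_dir(dir: &Path, uid: u32) -> io::Result<()> {
    match DirBuilder::new().mode(0o700).create(dir) {
        Ok(()) => {}
        Err(e) if e.kind() == io::ErrorKind::AlreadyExists => {}
        Err(e) => return Err(e),
    }
    let meta = fs::symlink_metadata(dir)?; // lstat: a planted symlink is not followed
    if !meta.file_type().is_dir() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "not a directory"));
    }
    if meta.uid() != uid {
        let msg = format!("{} is owned by uid {}, expected {}", dir.display(), meta.uid(), uid);
        return Err(io::Error::new(io::ErrorKind::PermissionDenied, msg));
    }
    Ok(())
}

/// Resolve the directory and apply the guard to every component we create.
pub fn prepare(xdg: Option<&Path>, tmp: &Path, uid: u32) -> io::Result<PathBuf> {
    let dir = socket_dir(xdg, tmp, uid);
    if xdg.is_none() {
        ensure_owned_dir(&tmp.join(format!("openshell-{}", uid)), uid)?;
    }
    ensure_owned_dir(&dir, uid)?;
    Ok(dir)
}

fn main() -> io::Result<()> {
    // Constructed demo: scratch dir stands in for /tmp; its owner stands in for geteuid().
    let tmp = std::env::temp_dir().join(format!("gv-demo-{}", std::process::id()));
    fs::create_dir_all(&tmp)?;
    let uid = fs::metadata(&tmp)?.uid();
    println!("{}", prepare(None, &tmp, uid)?.display());
    fs::remove_dir_all(&tmp)
}
```

A directory that already exists under another uid, like the `/tmp/osd-gv` case in the Context section, is rejected with `PermissionDenied` rather than reused.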