Add sandboxed-workspace module for isolated dev environments

Provides isolated development environments using either VMs (microvm.nix)
or containers (systemd-nspawn) with a unified configuration interface.

Features:
- Unified options with required type field ("vm" or "container")
- Shared base configuration for networking, SSH, users, packages
- Automatic SSH host key generation and persistence
- Shell aliases for workspace management (start/stop/status/ssh)
- Automatic /etc/hosts entries for workspace hostnames
- restartIfChanged support for both VMs and containers
- Passwordless doas in workspaces

Container backend:
- Uses hostBridge for proper bridge networking with /24 subnet
- systemd-networkd for IP configuration
- systemd-resolved for DNS

VM backend:
- TAP interface with deterministic MAC addresses
- virtiofs shares for workspace directories
- vsock CID generation

flake.nix

@@ -48,7 +48,7 @@
     };
 
     # Dailybot
-    dailybuild_modules = {
+    dailybot = {
       url = "git+https://git.neet.dev/zuckerberg/dailybot.git";
       inputs = {
         nixpkgs.follows = "nixpkgs";
@@ -71,6 +71,12 @@
       url = "github:Mic92/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    # MicroVM support
+    microvm = {
+      url = "github:astro/microvm.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = { self, nixpkgs, ... }@inputs:
@@ -88,9 +94,10 @@
             ./common
             simple-nixos-mailserver.nixosModule
             agenix.nixosModules.default
-            dailybuild_modules.nixosModule
+            dailybot.nixosModule
             nix-index-database.nixosModules.default
             home-manager.nixosModules.home-manager
+            microvm.nixosModules.host
             self.nixosModules.kernel-modules
             ({ lib, ... }: {
               config = {