nerdctl: enable darwin and fix default data-root permission issue

[66Ton99]

Summary

This updates pkgs/by-name/ne/nerdctl/package.nix to make nerdctl usable on Darwin.

Changes

• enable Darwin in meta.platforms
• make Linux-only CNI integration conditional:
  • cni-plugins is optional
  • CNI_PATH wrapper env is set only on Linux
• fix Darwin runtime behavior where nerdctl fails with:
  • mkdir /var/lib/nerdctl: permission denied
• for Darwin, patch upstream default data root to:
  • $HOME/.local/share/nerdctl
  • fallback to /var/lib/nerdctl if home cannot be resolved
• keep completion generation working in build sandbox by invoking completion with a temporary data-root

Why

nerdctl currently evaluates/builds as Linux-only and on Darwin defaults to /var/lib/nerdctl, which is not writable for regular users and causes immediate fatal startup.

Result

On Darwin, nerdctl can be installed and started as a normal user without requiring root-writable /var/lib.

Testing

Tested on x86_64-darwin:

• nix build ...#nerdctl succeeds
• nerdctl --version succeeds
• running nerdctl no longer fails with /var/lib/nerdctl: permission denied

Linux behavior is unchanged (Linux-only CNI wiring remains Linux-only).

Review request

I would appreciate review from someone who is familiar with both nerdctl internals and nixpkgs packaging conventions, especially around Darwin defaults and runtime data-root behavior.

[66Ton99]

Related upstream/downstream work:

• containerd/nerdctl PR: defaults: use user-writable data root on darwin containerd/nerdctl#4842 (Darwin default data-root fix)

Once the upstream nerdctl change lands and is released, this nixpkgs change can be simplified accordingly.

[AkihiroSuda]

make nerdctl usable on Darwin.

Not really useful until we can have a functional runtime

• Initial support for nerdbox containerd/nerdctl#4574