In environments where the network is not 100% trusted this can open up a
remote code execution. This should be only enabled in certain cloud
enviroments where there is actual support (i.e. there could be a cloud
profile spinoff)
This opens the road to re-using the same NixOS system closure for
different deployments.
Have a static system configuration, and then cloud-init complete it with
the surrounding environment.