update(security): simplify security configuration and enhance apparmor

- Remove SELinux-related configurations (kernel params, systemd
override, packages)
- Disable kernel modules locking
- Streamline LSM modules list
- Enhance AppArmor with kill unconfined option and PAM integration
- Add AppArmor support for various services (login, sshd, sudo, etc.)
- Enable D-Bus AppArmor integration
- Remove unused hyprlock PAM service

nixos/security-services.nix

@@ -18,13 +18,24 @@
   };
   security.apparmor = {
     enable = true;
+    killUnconfinedConfinables = true;
     packages = with pkgs; [
       apparmor-utils
       apparmor-profiles
     ];
   };
+
+  security.pam.services = {
+    login.enableAppArmor = true;
+    sshd.enableAppArmor = true;
+    sudo.enableAppArmor = true;
+    su.enableAppArmor = true;
+    greetd.enableAppArmor = true;
+    u2f.enableAppArmor = true;
+  };
+
+  services.dbus.apparmor = "enabled";
   services.fail2ban.enable = true;
-  security.pam.services.hyprlock = {};
   # security.polkit.enable = true;
   programs.browserpass.enable = true;
   services.clamav = {