Begin implementing kiosk browser

This commit introduces the _kiosk.service_ unit, which launches `sway`
to start a Wayland session, which in turn launches Firefox.  The
`policies.json` file configures Firefox in a sort of kiosk mode,
disabling most features and blocking all but the desginated sites.
Unfortunately, running `firefox --kiosk` doesn't actually work: Firefox
apparently runs, but doesn't draw anything on the screen.

Note that we have to launch Firefox by its "real" path, since
`/usr/bin/firefox` is a Bash script, and Bash is not installed.
Fortunately, the wrapper script doesn't do anything we really care
about, so bypassing it is fine.

overlay/etc/firefox/policies/policies.json

@@ -0,0 +1,57 @@
+{
+  "policies": {
+    "BlockAboutAddons": true,
+    "BlockAboutConfig": true,
+    "BlockAboutProfiles": true,
+    "CaptivePortal": false,
+    "DisableDeveloperTools": true,
+    "DisableFeedbackCommands": true,
+    "DisableFirefoxScreenshots": true,
+    "DisableFirefoxSutudies": true,
+    "DisableFormHistory": true,
+    "DisableMasterPasswordCreation": true,
+    "DisablePasswordReveal": true,
+    "DisablePocket": true,
+    "DisablePrivateBrowsing": true,
+    "DisableProfileImport": true,
+    "DisableProfileRefresh": true,
+    "DisableSecurityBypass": true,
+    "DisableSetDesktopBackground": true,
+    "DNSOverHTTPS": {
+      "Enabled": false,
+      "Locked": true
+    },
+    "DontCheckDefaultBrowser": true,
+    "Homepage": {
+      "URL": "https://homeassistant.pyrocufflink.blue/",
+      "Locked": true,
+      "StartPage": "homepage-locked"
+    },
+    "NewTabPage": false,
+    "NoDefaultBookmarks": true,
+    "OfferToSaveLogins": false,
+    "OverrideFirstRunPage": "",
+    "OverridePostUpdatePage": "",
+    "PasswordManagerEnabled": false,
+    "Preferences": {
+      "browser.sessionstore.resume_from_crash": {
+        "Value": false
+      },
+      "browser.startup.couldRestoreSession.count": {
+        "Value": -1
+      },
+      "datareporting.policy.dataSubmissionPolicyBypassNotification": {
+        "Value": true
+      },
+      "extensions.activeThemeID": {
+        "Value": "firefox-compact-dark@mozilla.org"
+      }
+    },
+    "WebsiteFilter": {
+      "Block": ["<all_urls>"],
+      "Exceptions": [
+        "https://*.pyrocufflink.blue/*"
+      ]
+    }
+  }
+}

overlay/etc/pam.d/kiosk

@@ -0,0 +1,7 @@
+account required pam_localuser.so
+
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session required pam_limits.so
+session required pam_env.so
+session required pam_systemd.so

overlay/etc/sway/kiosk.conf

@@ -0,0 +1,11 @@
+# vim: set ft=swayconfig :
+
+output DSI-1 resolution 720x1280 transform 90
+
+input * {
+    map_to_output DSI-1
+}
+
+exec /usr/lib64/firefox/firefox
+
+for_window [title="Mozilla Firefox"] fullscreen