module: prohibit store-paths for environmentFile

The store is world-readable, so secrets shouldn't end up there in the
first place. On top, `types.path` has the following behavior:

* `toString foo` returns the absolute path
* `${foo}` copies the path silently into the store and returns the
  store-path.

This happens without any real feedback, so this can be caused by an
innocent looking change.

To address this problem, `pathsWith` was introduced into <nixpkgs/lib>
which allows absolute paths represented as string, but rejects things
pointing to the store and path literals which may be copied later on.

module.nix

@@ -44,6 +44,11 @@ let
     ;
 
   settingsFormat = pkgs.formats.yaml { };
+
+  pathToSecret = types.pathWith {
+    inStore = false;
+    absolute = true;
+  };
 in
 {
   options.services = {
@@ -81,7 +86,7 @@ in
       };
 
       environmentFile = mkOption {
-        type = types.nullOr types.path;
+        type = types.nullOr pathToSecret;
         default = null;
         example = "/run/secrets/authentik/authentik-env";
         description = ''
@@ -105,7 +110,7 @@ in
       enable = mkEnableOption "authentik LDAP outpost";
 
       environmentFile = mkOption {
-        type = types.nullOr types.path;
+        type = types.nullOr pathToSecret;
         default = null;
         example = "/run/secrets/authentik-ldap/authentik-ldap-env";
         description = ''
@@ -128,7 +133,7 @@ in
       enable = mkEnableOption "authentik RADIUS outpost";
 
       environmentFile = mkOption {
-        type = types.nullOr types.path;
+        type = types.nullOr pathToSecret;
         default = null;
         example = "/run/secrets/authentik-radius/authentik-radius-env";
         description = ''