The script doesn't need privileges, so we should run it unprivileged.

The environment we're dumping doesn't actually have anything to do with
GNOME or GNOME Shell, it's the default environment of a user unit
started by systemd plus some display related variables set by us in
dump-user-env. The name user-env therefore better reflects its content.

Also use the name exec-with-user-env instead of exec-in-user-env to make
it more clear that we're not replacing the current environment.

The current user environment already contains all the needed variables,
so we pass that instead of /run/user/1000/user-env.

The remaining usages are safe because they are used in unprivileged
processes.

This removes all usages of the gnome.sh shell library in shell scripts
to ensure that the gnome environment file is not exported in privileged
processes.

A new script, exec-in-gnome-env, is called instead, which exports the
gnome environment in an unprivileged amnesia process and then executes
some command.

There are scenarios in which amnesia can control the gnome-shell
environment which is dumped at boot, so we have to ensure that
only processes running as amnesia (or a less privileged user) export it
in their environment. Since we have to do that, we can just store the
env file as amnesia and drop the part where we copy the file as root.

That can lead to privilege escalation. Instead, we use
/usr/local/lib/systemctl-user to start a systemd user service which has
the required environment variables set.

The gnome_env function of the Python module is called in privileged
processes, exporting the amnesia-controlled environment in those can
lead to privilege escalation.

refs #19464

Test suite: Fix step "the clearnet user has not sent packets out to the Internet"

Closes #19370

See merge request tails/tails!1074

run_test_suite: Add --all-tests

See merge request tails/tails!1076

Upgrade Tor Browser to 12.0.4-build1

Closes #19450

See merge request tails/tails!1078

refs #19450

Try again when GitLab CI fails to fetch source

See merge request tails/tails!1075

As discussed during a Sysadmin/FT sunc, this is a low-hanging-fruit
attempt to deal with errors when cloning the source repository.

refs sysadmin#11869

Remove custom window-center extension

Closes #19489

See merge request tails/tails!1072

Test suite: Fix step "Tails has no disk swap enabled"

Closes #19533

See merge request tails/tails!1073

19474 confidential symlink attack

See merge request boyska/tails!1

Currently translated at 66.6% (6 of 9 strings)

Translation: Tails/wiki/src/doc/persistent_storage/use.*.po
Translate-URL: https://translate.tails.boum.org/projects/tails/wikisrcdocpersistent_storageusepo/fr/

Currently translated at 55.5% (5 of 9 strings)

Translation: Tails/wiki/src/doc/persistent_storage/use.*.po
Translate-URL: https://translate.tails.boum.org/projects/tails/wikisrcdocpersistent_storageusepo/fr/

Currently translated at 100.0% (9 of 9 strings)

Translation: Tails/wiki/src/doc/persistent_storage/open.*.po
Translate-URL: https://translate.tails.boum.org/projects/tails/wikisrcdocpersistent_storageopenpo/fr/

Currently translated at 77.2% (17 of 22 strings)

Translation: Tails/wiki/src/doc/persistent_storage/create.*.po
Translate-URL: https://translate.tails.boum.org/projects/tails/wikisrcdocpersistent_storagecreatepo/fr/