nixos/mautrix-whatsapp: use static user and group

The DynamicUser mechanism does not allow share the bridge
registration.yaml file with matrix-synapse in any easy way:

1. the mautrix-whatsapp group under which the service runs is not in
   /etc/group, so you can't add matrix-synapse to this.
   This makes the group read bit on the file useless as the group is
   effectively always empty.

2. It's not possible to use ACLs or copy the file during preStart or
   postStart because the commands are executed with low priviledges.

By using a normal (static) user/group the secret can be shared with
synapse as follows:

  services.matrix_synapse.settings.app_service_config_files =
    [ "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" ];

  users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ];

nixos/modules/services/matrix/mautrix-whatsapp.nix

@@ -117,6 +117,16 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+
+    users.users.mautrix-whatsapp = {
+      isSystemUser = true;
+      group = "mautrix-whatsapp";
+      home = dataDir;
+      description = "Mautrix-WhatsApp bridge user";
+    };
+
+    users.groups.mautrix-whatsapp = {};
+
     services.mautrix-whatsapp.settings = {
       homeserver.domain = lib.mkDefault config.services.matrix-synapse.settings.server_name;
     };
@@ -158,10 +168,11 @@ in {
       '';
 
       serviceConfig = {
-        DynamicUser = true;
+        User = "mautrix-whatsapp";
+        Group = "mautrix-whatsapp";
         EnvironmentFile = cfg.environmentFile;
         StateDirectory = baseNameOf dataDir;
-        WorkingDirectory = "${dataDir}";
+        WorkingDirectory = dataDir;
         ExecStart = ''
           ${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \
           --config='${settingsFile}' \