modules: services: woodpecker: allow setuid

I need it to be able to use `ssh-agent`, for some of my workflows.

modules/services/woodpecker/agent-exec/default.nix

@@ -45,6 +45,9 @@ in
       ];
 
       serviceConfig = {
+        # Same option as upstream, without @setuid
+        SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";
+
         BindPaths = [
           "/nix/var/nix/daemon-socket/socket"
           "/run/nscd/socket"