feat(home): expand claude-code read permissions for nix store and systemd

- Allow Read(/nix/store/*) for inspecting derivations and build outputs
- Replace narrow systemctl entries with full read-only coverage (cat,
  is-active, is-enabled, is-failed, list-jobs, list-sockets, list-timers,
  list-unit-files, list-units, show, status)
- Fix journalctl permission syntax (colon → space)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: stackptr

modules/home/development.nix

@@ -42,6 +42,8 @@ in {
           autoMemoryEnabled = false;
           permissions = {
             allow = [
+              # Nix store (read-only access for inspecting derivations and build outputs)
+              "Read(/nix/store/*)"
               # File exploration
               "Bash(cat *)"
               "Bash(cut *)"
@@ -155,10 +157,19 @@ in {
               "Bash(gt restack*)"
               "Bash(gt sync*)"
               # System
-              "Bash(journalctl:*)"
+              "Bash(journalctl *)"
               "Bash(mkdir *)"
-              "Bash(systemctl list-jobs:*)"
-              "Bash(systemctl status:*)"
+              "Bash(systemctl cat *)"
+              "Bash(systemctl is-active *)"
+              "Bash(systemctl is-enabled *)"
+              "Bash(systemctl is-failed *)"
+              "Bash(systemctl list-jobs*)"
+              "Bash(systemctl list-sockets*)"
+              "Bash(systemctl list-timers*)"
+              "Bash(systemctl list-unit-files*)"
+              "Bash(systemctl list-units*)"
+              "Bash(systemctl show *)"
+              "Bash(systemctl status *)"
               "WebFetch(domain:raw.githubusercontent.com)"
               "WebFetch(domain:github.com)"
               "WebSearch"