Allow mixing ca-enabled and non-ca-enabled builders

[thufschmitt]

Is your feature request related to a problem? Please describe.

Like recursive-nix, ca-derivations is (partially) a build-time feature. This means that (in a distributed build scenario) a remote builder must have the experimental feature enabled to be able to build a ca derivation.
However (unlike recursive-nix), there's currently no way to tell at a distance whether a builder will support it or not, meaning that the scheduler might sent ca derivations to non-ca-enabled builders (which will miserably fail).

Describe the solution you'd like

Like for recursive-nix, make content-addressed derivations require a ca-derivations system feature (implicitly though), and make the ca-derivation experimental feature add this system feature to the default set.

Describe alternatives you've considered

• Do nothing and require users to manually do the system-feature dance if they need to (possibly adding the requiredSystemFeature at the nixpkgs level, at least as a transitionary measure)
• Abuse the fact that remote builders must be trusted users to force them to use the experimental feature. But that sounds rather bad, and wouldn't work with older Nix.

[Ericson2314]

Abuse the fact that remote builders must be trusted users to force them to use the experimental feature. But that sounds rather bad, and wouldn't work with older Nix.

In fact, ca-enabled builds should work with untrusted users. This is tested on the Nix side, but I suppose we might want to test it on the hydra side too.

[thufschmitt]

In fact, ca-enabled builds should work with untrusted users

Yes, I guess that’s one more reason why this suggestion is pretty stupid 🙃