system/tailscale: loosen firewall for tailnet

modules/system/tailscale.nix

@@ -1,6 +1,7 @@
 { config, ... }: {
   age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
   me.binds."/var/lib/tailscale" = "tailscale";
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
   services.tailscale = {
     enable = true;
     authKeyFile = config.age.secrets.tailscale_auth.path;