CI to check Nix flake

[bfops]

@gefjon is working on a new Nix flake. We would like CI to nix flake check it.

The easiest path to this is probably to run on a normal github runner, but use a Nix docker container.

[Eveeifyeve]

Here is an example gha workflow:

name: "Nix flake check"
on:
  pull_request:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v5
    - uses: cachix/install-nix-action@v31
      with:
        github_access_token: ${{ secrets.GITHUB_TOKEN }}
    - run: nix flake check

[jdetter]

We worked on this for a few hours and there are some remaining issues. The path forward is described in this new PR: #3955