Add nix flake for reproducible builds

[krystophny]

Summary

• Adds flake.nix providing a development shell with all build dependencies from nixpkgs
• All deps (gfortran, cmake, ninja, openmpi, openblas, lapack, fftw, gsl, hdf5-fortran, netcdf, netcdf-fortran, zlib, curl, python3+numpy+scipy) are sourced purely from nix with no system/homebrew leakage
• Includes a packages.default derivation for nix build
• Works on all platforms via flake-utils.lib.eachDefaultSystem

HDF5 split-output workaround

Nixpkgs splits HDF5 into separate lib/dev/bin store outputs. The bundled hdf5-config.cmake hardcodes store paths via PACKAGE_PREFIX_DIR that break across these splits. The flake merges all outputs via symlinkJoin and patches the cmake config files to use the merged prefix.

Non-nix builds

Completely unaffected. No changes to CMakeLists.txt or any build scripts.

Verification

Pure nix shell (no system paths)

$ nix develop --ignore-environment --command bash -c 'cmake -S . -B /tmp/test -G Ninja -DHDF5_DIR=$HDF5_DIR'
-- Found system HDF5: 1.14.6
-- Smoke test for HDF5-Fortran: PASSED
-- Found system NetCDF-Fortran: /nix/store/.../include
-- Smoke test for NetCDF-Fortran: PASSED
-- Found system FFTW: /nix/store/.../libfftw3.dylib
-- Found GSL: /nix/store/.../include
-- Found BLAS: /nix/store/.../libopenblas.dylib
-- Found LAPACK: /nix/store/.../libopenblas.dylib
-- Found Python: /nix/store/.../python3.13
-- Configuring done (8.8s)

Full build succeeds (580/580 targets)

$ nix develop --ignore-environment --command bash -c 'cmake --build /tmp/test -j'
[580/580] Linking Fortran shared module _efit_to_boozer.cpython-313-darwin.so

No homebrew/system path leakage

$ grep "/opt/homebrew\|/usr/local\|Cellar" /tmp/test/CMakeCache.txt
CMAKE_INSTALL_PREFIX:PATH=/usr/local   # (default, not a dep)

Test plan

• nix flake check passes
• nix develop then cmake -S . -B build -G Ninja && cmake --build build succeeds
• make still works without nix (non-nix builds unaffected)