Allow attaching to non-child processes by default

The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.