pam_env doens't load user's .pam_environment when home folder is encrypted with ecryptfs

Issue description

If I login while my home folder is encrypted with ecryptfs, apparently when pam_env.so tries to load my ~/.pam_environment, it fails because it's not available yet. If I run for example su -l on a shell after I login, my environmental variables from there are loaded.

Steps to reproduce

Use the following setting in /etc/nixos/configuration.nix:

security.pam.enableEcryptfs = true;

Encrypt your home folder using ecryptfs-migrate-home.
Put environmental variables in the encrypted home folder's ~/.pam_environment.

Other information

This bug seems somewhat common and it is also covered in some stack-exchange threads (1, 2) yet I don't think it's unavoidable. Back when I used Arch Linux, I didn't experience this and perhaps because I've strictly followed the Arch Linux Wiki as for setting up ecryptfs automount using PAM. Luckily, I've backups of my /etc/ configurations from Arch Linux and the main difference I can see between NixOS' /etc/pam.d/ and Arch Linux', is that there is no auth required pam_env.so in NixOS' /etc/pam.d/ and there are only session required pam_env.so. I'm pretty sure this is the source of this issue but I think this should be consulted with the author of services.pam.*.

I'll sum it up to this question:

Why do we use session required pam_env.so and not auth required pam_env.so?

Technical details

system: "x86_64-linux"
host os: Linux 5.1.10, NixOS, 19.09pre182971.a1dd419c1ff (Loris)
multi-user?: yes
sandbox: yes
version: nix-env (Nix) 2.2.2
channels(root): "nixos-19.09pre182971.a1dd419c1ff"
channels(doron): "nixos-unstable-19.09pre182743.7815c86c104"
nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

NixOS / nixpkgs