Static build

[eamsden]

Right now we link c dependencies (most notably Urcrypt and its transitive dependencies) by building them with Nix. This defaults to dynamic linking. An executable built this way cannot be distributed independently as it depends on shared objects from the Nix store. We should build a statically linked binary, but this is complicated by conflicting opinions in our dependencies:

• Rust really does not want to link statically against glibc (though it can allegedly be convinced), but will happily link statically against musl. However musl is a Tier-2 support target for Rust!
• urcrypt's dependencies are very difficult to properly statically link at all (looking at you libaes_siv), and pitch a bigger fit when the libc in question is musl
• Nix really only offers a static package set linked against musl.

[eamsden]

Depends on #156

[eamsden]

Verified that we can do this after #189 so long as we make sure a static glibc is available.