fix: Add mutex to nix_util::settings to prevent concurrent access segfault

Fixes #106

The Nix settings system uses global mutable state without internal
synchronization. When multiple threads call settings::set concurrently
(as happens in parallel test execution), this causes a segfault in the
C++ std::set implementation.

Changes:
- Add mutex to serialize access through the Rust API
- Add documentation explaining thread safety limitations
- Add Once guard in nix-flake tests to minimize concurrent access

The mutex provides protection between Rust callers, though it cannot
completely prevent C++ Nix code from modifying settings concurrently.

(cherry picked from commit 203917657b60c4e1dcbaf442bec64c37c634abc4)

rust/nix-flake/src/lib.rs

@@ -259,9 +259,16 @@ mod tests {
     use nix_store::store::Store;
 
     use super::*;
+    use std::sync::Once;
+
+    static INIT: Once = Once::new();
 
     fn init() {
-        nix_util::settings::set("experimental-features", "flakes").unwrap();
+        // Only set experimental-features once to minimize the window where
+        // concurrent Nix operations might read the setting while it's being modified
+        INIT.call_once(|| {
+            nix_util::settings::set("experimental-features", "flakes").unwrap();
+        });
     }
 
     #[test]