Describe the bug

auto-allocate-uids mounts extra-sandbox-paths as nobody:nogroup instead of the previous nobody:nixbld making secure access for secrets via sandbox-paths impossible, unless they are mounted as 007 which is probably almost equal to 777.
The file cannot be chowned because of the mount and it cannot be copied because it can't be read.

Steps To Reproduce

1. Enable auto-allocate-uids setting
2. Mount a file which is has permissions 770 via extra-sandbox-paths setting
3. Try to access the file in the sandbox which go mounted as nobody:nogroup regardless of path
4. Access always fails because the sandbox user is nixbld:nixbld and does not have enough permissions

Expected behavior

There should be no difference in owner and permissions of sandbox-paths when auto-allocate-uids is used.

nix-env --version output
nix-env (Nix) 2.17.1

Additional context

Add any other context about the problem here.

Priorities

Add 👍 to issues you find important.