grsecurity: make GRKERNSEC y and PAX y implicit

These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.

nixos/modules/security/grsecurity.xml

@@ -208,8 +208,6 @@
         let
           kernel = pkgs.linux_grsec_nixos.override {
             extraConfig = ''
-              GRKERNSEC y
-              PAX y
               GRKERNSEC_CONFIG_AUTO y
               GRKERNSEC_CONFIG_SERVER y
               GRKERNSEC_CONFIG_SECURITY y

pkgs/build-support/grsecurity/default.nix

@@ -22,7 +22,11 @@ assert (kernel.version == grsecPatch.kver);
 overrideDerivation (kernel.override {
   inherit modDirVersion;
   kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
-  inherit extraConfig;
+  extraConfig = ''
+    GRKERNSEC y
+    PAX y
+    ${extraConfig}
+  '';
   ignoreConfigErrors = true;
 }) (attrs: {
   nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);

pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix

@@ -3,9 +3,6 @@
 with stdenv.lib;
 
 ''
-GRKERNSEC y
-PAX y
-
 GRKERNSEC_CONFIG_AUTO y
 GRKERNSEC_CONFIG_DESKTOP y
 GRKERNSEC_CONFIG_VIRT_HOST y

pkgs/top-level/all-packages.nix

@@ -10955,8 +10955,6 @@ in
   # An unsupported grsec xen guest kernel
   linux_grsec_server_xen = linux_grsec_nixos.override {
     extraConfig = ''
-      GRKERNSEC y
-      PAX y
       GRKERNSEC_CONFIG_AUTO y
       GRKERNSEC_CONFIG_PRIORITY_SECURITY y
       GRKERNSEC_CONFIG_SERVER y