fix(media): add ReadWritePaths for jellyseerr ProtectSystem=strict

The upstream module sets ProtectSystem=strict which makes the entire
filesystem read-only. ReadWritePaths is needed to allow the static
jellyseerr user to write to the ZFS-backed configDir.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

services/jellyseerr.nix

@@ -25,6 +25,7 @@
     DynamicUser = lib.mkForce false;
     User = "jellyseerr";
     Group = "jellyseerr";
+    ReadWritePaths = [ service_configs.jellyseerr.configDir ];
   };
 
   users.users.jellyseerr = {