Make bluetooth opt-in in the Greeter

Like network cards, Bluetooth devices have MAC addresses which can potentially identify a user.

Bluetooth is enabled by default in Tails but we do not ship the corresponding userspace software stack. We now have a feature request to make it possible to disable bluetooth on boot/in the greeter.

Also see https://labs.riseup.net/code/projects/tails/repository/revisions/613b14c689c9b5d94361e90d4f9623fc27fdcef9/entry/wiki/src/doc/advanced_topics/wireless_devices.mdwn

A plan could be:

• at build time, blacklist bluetooth (bluetooth stack)
• at (early) boot, rfkill block bluetooth config/chroot_local-includes/usr/local/sbin/tails-set-wireless-devices-state
• in the Greeter, allow opting-in for Bluetooth
  • in PostLogin.default, pass Bluetooth user prefs to tails-unblock-network
  • in tails-unblock-network, if Bluetooth is enabled, remove the blacklist file and rfkill unblock bluetooth

• later
  • for added safety, disable system-wide daemon and/or move gnome-bluetooth files out of the way?
  • hardware-dependent device drivers?
  • support enabling Bluetooth post-login if I forgot?

Related issues

• Related to #5547
• Related to #5751 (closed)
• Related to #14957
• Related to #7787 (closed)
• Related to #15645 (closed)

Original created by @u on 10801 (Redmine)