risc0 compiles its Metal (GPU) prover kernels by invoking `xcrun metal` /
`xcrun metallib`. Under nix, the darwin stdenv exports DEVELOPER_DIR and
SDKROOT pointing at its own SDK, which makes xcrun look for the `metal`
tool in the wrong place and fail with:

    error: cannot execute tool 'metal' due to missing Metal Toolchain;
    use: xcodebuild -downloadComponent MetalToolchain

...even when a working Metal Toolchain is installed (the same call succeeds
in a clean environment where those vars are unset).

Wrap xcrun with a small shim, placed first in PATH, that clears
DEVELOPER_DIR/SDKROOT for `metal`/`metallib` invocations only — so they
resolve the system Xcode Metal Toolchain — while every other xcrun call
passes through with the nix environment intact. This makes wallet-ffi
build with real GPU prover kernels on macOS, with no --override-input
workaround needed downstream.

Note: on recent macOS the Metal Toolchain is a per-user component, so
`xcodebuild -downloadComponent MetalToolchain` must have been run by the
building user (and builds still require `--option sandbox false`).
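
The wrapper described above could look like the following; this is an added example, not the shim from this commit. The set of value-taking options it parses, the `REAL_XCRUN` variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the commit's shim). Install as an executable named
# `xcrun` in a directory that precedes /usr/bin in PATH.

# Absolute path, so the shim never re-enters itself through PATH.
REAL_XCRUN=${REAL_XCRUN:-/usr/bin/xcrun}

# Print the tool being requested: the first non-option argument.
# Only -sdk/-toolchain are treated as taking a value (assumed subset).
xcrun_tool() {
    while [ $# -gt 0 ]; do
        case $1 in
            -sdk|--sdk|-toolchain|--toolchain)
                [ $# -gt 1 ] && shift ;;
            -*) ;;
            *)  printf '%s\n' "$1"; return 0 ;;
        esac
        shift
    done
    return 1
}

# True only for the Metal compiler and linker.
needs_clean_env() {
    case $(xcrun_tool "$@") in
        metal|metallib) return 0 ;;
        *) return 1 ;;
    esac
}

# Drop the nix-provided SDK variables for metal/metallib; leave them
# untouched for every other tool.
prepare_env() {
    if needs_clean_env "$@"; then
        unset DEVELOPER_DIR SDKROOT
    fi
}

# Act as the shim only when invoked under the name `xcrun`.
case ${0##*/} in
    xcrun)
        prepare_env "$@"
        exec "$REAL_XCRUN" "$@" ;;
esac
```

Matching on the parsed tool name rather than on any argument keeps a call such as `xcrun clang -c metal` on the nix SDK, so the environment is only loosened for the two tools that need it.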