home-manager: verify username and home directory

The generation activation script should be run by the user specified
in `home.username` and `home.homeDirectory`. If some other user runs
the activation script, then files may end up in the wrong place or
with the wrong owner.

This commits adds a check early in the activation script that verifies
that the running user match the user in the configuration.

Fixes #4019

modules/home-environment.nix

@@ -704,6 +704,9 @@ in
 
           ${builtins.readFile ./lib-bash/activation-init.sh}
 
+          checkUsername ${escapeShellArg config.home.username}
+          checkHomeDirectory ${escapeShellArg config.home.homeDirectory}
+
           ${activationCmds}
         '';
       in