Improve performance and harden kernel

Tweaks some memory management, kernel, and networking parameters to improve performance and harden. See https://wiki.archlinux.org/title/Sysctl

mkosi.extra/usr/lib/sysctl.d/00-kde-linux-default.conf

@@ -11,8 +11,17 @@ vm.page-cluster = 0
 vm.watermark_boost_factor = 0
 # Make kswapd more aggressive because zram is cheap
 vm.watermark_scale_factor = 125
+# Many Windows games need this disabled to run with proper performance; they abuse split locks
+kernel.split_lock_mitigate = 0
 # Not needed for us; disabling it increases speed and reduces power consumption
 kernel.nmi_watchdog = 0
+# Disable kexec as a security measure
+kernel.kexec_load_disabled=1
+# Use 'bbr' to achieve higher throughput when sending to high-latency destinations.
+# Also 'fq' to prevent one greedy app from causing lag (bufferbloat) for everything else.
+# `bbr` relies on pacing, and thus performs better with the `fq` qdisc.
+net.ipv4.tcp_congestion_control = bbr
+net.core.default_qdisc = fq
 # Ensure that applications don't break/complain from hitting the limit
 fs.inotify.max_user_instances = 8192
 fs.inotify.max_user_watches = 524288