nixos/postfix: allow custom smtp_tls_security_level

I run Postfix on my workstation as a smarthost, where it only ever
talks to my SMTP server.  Because I know it'll only ever connect to
this server, and because I know this server supports TLS, I'd like to
set smtp_tls_security_level to "encrypt" so Postfix won't fall back to
an unencrypted connection.

nixos/modules/services/mail/postfix.nix

@@ -25,7 +25,7 @@ let
 
   clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
 
-  smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
+  smtpTlsSecurityLevel = if cfg.useDane then "dane" else mkDefault "may";
 
   mainCf = let
     escape = replaceStrings ["$"] ["$$"];