Getting Wayland to work on unprivileged Incus container

incus config device add "$CONTAINER" wayland proxy \
	connect=unix:"$XDG_RUNTIME_DIR"/"$WAYLAND_DISPLAY" \
	listen=unix:/run/user/1000/wayland-0 \
	bind=container \
	uid=1000 gid=1000 mode=0660 \
	security.uid=1000 security.gid=1000

incus config device add "$CONTAINER" gpu gpu

No need to mess with ID mapping or anything like that, apparently.

Works much better than waypipe for GPU-accelerated applications.