- Fail at evaluation when secrets setup is not configured.
Previously, bitcoind failed at runtime due to the missing secrets target.
- Fail at evaluation when conflicting secrets setup methods are used.
This happens when `secretsSetupMethod` has more than one definition.
With krops or nixops the secrets target is always restarted during
the deployment process.
This previously caused unnecessary restarts of all nix-bitcoin services.
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.
Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.
Also rename option setup-secrets -> setupSecrets.
ProtectSystem=full disables writing to /etc which is the default
secrets location.
Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.
Old secrets are automatically converted to the new format when running
nix-shell.
Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
