enable-tor: disable default onion services for clightning, lnd, btcpayserver

In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.

modules/versioning.nix

@@ -5,7 +5,19 @@ let
   version = config.nix-bitcoin.configVersion;
 
   # Sorted by increasing version numbers
-  changes = [
+  changes = let
+    mkOnionServiceChange = service: {
+      version = "0.0.30";
+      condition = config.services.${service}.enable;
+      message = ''
+        The onion service for ${service} has been disabled in the default
+        configuration (`secure-node.nix`).
+
+        To enable the onion service, add the following to your configuration:
+        nix-bitcon.onionServices.${service}.enable = true;
+      '';
+    };
+  in [
     {
       version = "0.0.26";
       condition = config.services.joinmarket.enable;
@@ -54,6 +66,9 @@ let
         https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/v0.8.0/docs/NATIVE-SEGWIT-UPGRADE.md
       '';
     }
+    (mkOnionServiceChange "clightning")
+    (mkOnionServiceChange "lnd")
+    (mkOnionServiceChange "btcpayserver")
   ];
 
   incompatibleChanges = optionals