secrets: allow extending generate-secrets

`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.

modules/bitcoind.nix

@@ -394,15 +394,22 @@ in {
     };
     users.groups.${cfg.group} = {};
     users.groups.bitcoinrpc-public = {};
+
     nix-bitcoin.operator.groups = [ cfg.group ];
 
-    nix-bitcoin.secrets.bitcoin-rpcpassword-privileged.user = cfg.user;
-    nix-bitcoin.secrets.bitcoin-rpcpassword-public = {
-      user = cfg.user;
-      group = "bitcoinrpc-public";
-    };
+    nix-bitcoin.secrets = {
+      bitcoin-rpcpassword-privileged.user = cfg.user;
+      bitcoin-rpcpassword-public = {
+        user = cfg.user;
+        group = "bitcoinrpc-public";
+      };
 
-    nix-bitcoin.secrets.bitcoin-HMAC-privileged.user = cfg.user;
-    nix-bitcoin.secrets.bitcoin-HMAC-public.user = cfg.user;
+      bitcoin-HMAC-privileged.user = cfg.user;
+      bitcoin-HMAC-public.user = cfg.user;
+    };
+    nix-bitcoin.generateSecretsCmds.bitcoind = ''
+      makeBitcoinRPCPassword privileged
+      makeBitcoinRPCPassword public
+    '';
   };
 }