feat(pairing): POST /machines/{id}/pair endpoint (#9)

Wires the pairing service into the operator API. api_pair_machine:
  - _machine_owned_by ownership guard (404 on miss)
  - opens NsecBunkerAdminClient.from_settings() and runs pair_spire
  - maps bunker failures: not-configured -> 503, PairingError/NsecBunkerError
    -> 502 (nothing persisted on failure)
  - runs _assert_no_pubkey_collision on the bunker-minted hex, then
    set_machine_pairing persists machine_npub (= minted spire identity, so
    path-B roster routes it), bunker_spire_key_name, paired_at.

Re-pair supported; revoke/expiry gated on aiolabs/lnbits#54.

Adds Create... PairMachineData {relays} body, set_machine_pairing CRUD,
and 3 endpoint wiring tests (persist+collision, empty-relays 400, failure
502). 203 tests green. Pre-existing black/ruff debt in crud/views_api left
untouched (version-drift churn avoided); new code is lint-clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

models.py

@@ -81,6 +81,15 @@ class UpdateMachineData(BaseModel):
         return round(float(v), 4)
 
 
+class PairMachineData(BaseModel):
+    """Body for POST /machines/{id}/pair (S0 / #9). `relays` are the relays
+    the spire will use for its own events (kind-21000/30078) — typically the
+    operator's nostrrelay; the bunker connection relay is added separately
+    from the lnbits bunker settings."""
+
+    relays: list[str]
+
+
 # =============================================================================
 # DCA Clients — LP registrations, scoped per (machine, user).
 # =============================================================================