lnd, joinmarket: don't write to secrets dir

Keeping the secrets dir read-only is more simple and robust.

- lnd seed mnemonic creation and joinmarket wallet creation can be
  run as the regular service user instead of root.

- It is easier to switch to a third-party secrets deployment
  method in the future.

Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.

test/tests.py

@@ -326,16 +326,22 @@ def _():
     files = {
         "bitcoind": "var/lib/bitcoind/test/wallet.dat",
         "clightning": "var/lib/clightning/bitcoin/hsm_secret",
-        "lnd": "secrets/lnd-seed-mnemonic",
-        "joinmarket": "secrets/jm-wallet-seed",
+        "lnd": "var/lib/lnd/lnd-seed-mnemonic",
+        "joinmarket": "var/lib/joinmarket/jm-wallet-seed",
         "btcpayserver": "var/backup/postgresql/btcpaydb.sql.gz",
     }
     actual_files = succeed(f"{run_duplicity} list-current-files file:///var/lib/localBackups")
 
-    for test, file in files.items():
-        if test in enabled_tests and file not in actual_files:
+    def assert_file_exists(file):
+        if file not in actual_files:
             raise Exception(f"Backup file '{file}' is missing.")
 
+    for test, file in files.items():
+        if test in enabled_tests:
+            assert_file_exists(file)
+
+    assert_file_exists("secrets/lnd-wallet-password")
+
 
 # Impure: restarts services
 @test("banlist-and-restart")