treewide: ensure services are started after secrets setup

Now all services that access secrets only run after the secrets setup
has finished.

Previously, we assumed that the systemd `after` dependency is
transitive, i.e. that adding an `after = [ "bitcoind.service" ]`
to a service implicitly pulled in the `after` dependency to
`nix-bitcoin-secrets.target` (which is defined for `bitcoind`).
This is not the case. Services could start before secrets setup
had finished, leading to service failure.

modules/lightning-loop.nix

@@ -126,7 +126,7 @@ in {
     systemd.services.lightning-loop = {
       wantedBy = [ "multi-user.target" ];
       requires = [ "lnd.service" ];
-      after = [ "lnd.service" ];
+      after = [ "lnd.service" "nix-bitcoin-secrets.target" ];
       serviceConfig = nbLib.defaultHardening // {
         ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}";
         User = lnd.user;