secrets: allow extending generate-secrets

`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.

modules/backups.nix

@@ -98,6 +98,12 @@ in {
       };
 
       nix-bitcoin.secrets.backup-encryption-env.user = "root";
+      nix-bitcoin.generateSecretsCmds.backups = ''
+        makePasswordSecret backup-encryption-password
+        if [[ backup-encryption-password -nt backup-encryption-env ]]; then
+           echo "PASSPHRASE=$(cat backup-encryption-password)" > backup-encryption-env
+        fi
+      '';
 
       services.backups.postgresqlDatabases = mkIf config.services.btcpayserver.enable [ "btcpaydb" ];
     };