{generate,setup}-secrets: remove process hardening

ProtectSystem=full disables writing to /etc which is the default
secrets location.

Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.

modules/secrets/generate-secrets.nix

@@ -14,7 +14,7 @@ with lib;
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
-    } // config.nix-bitcoin-services.defaultHardening;
+    };
     script = ''
       mkdir -p "${config.nix-bitcoin.secretsDir}"
       cd "${config.nix-bitcoin.secretsDir}"

modules/secrets/secrets.nix

@@ -56,7 +56,7 @@ in
       serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
-      } // config.nix-bitcoin-services.defaultHardening;
+      };
       script = ''
         setupSecret() {
             file="$1"