simplify secrets file format

Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.

Old secrets are automatically converted to the new format when running
nix-shell.

Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
Erik Arvstedt
2020-01-12 20:52:38 +01:00
parent 314272a228
commit b1e13e9415
15 changed files with 151 additions and 152 deletions
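The per-service secret definitions that the commit message introduces, and the mapping from them to deployment keys that the diff below performs, as an added stand-alone example. This is not nix-bitcoin's own code: the shape of a `nix-bitcoin.secrets` entry (`user`, `group`, `permissions`) is assumed from the `inherit (v) user group permissions` in the diff, the two secret names are constructed samples, and the `isSafeName` check is an addition that the project's code does not contain.

```nix
# Added example, not part of nix-bitcoin. Evaluate with:
#   nix-instantiate --eval --strict secrets-example.nix
let
  # Assumption: the per-secret files live in a directory next to this file,
  # one file per secret, named after the secret.
  secretsDir = ./secrets;

  # Constructed sample of what services would declare under
  # nix-bitcoin.secrets (attribute schema assumed from the diff).
  secrets = {
    bitcoin-rpcpassword = { user = "bitcoin"; group = "bitcoinrpc"; permissions = "0440"; };
    lnd-wallet-password = { user = "lnd"; group = "lnd"; permissions = "0400"; };
  };

  # Added check: a secret name is used as a path component, so only accept
  # plain file names (no "/", no leading ".", so no "." or ".." either).
  isSafeName = n: builtins.match "[A-Za-z0-9][A-Za-z0-9._-]*" n != null;

  mkKey = n: v:
    if !isSafeName n
    then throw "secret name '${n}' is not a plain file name"
    else {
      # toString turns the path into a plain string, so the secret file is
      # read from the local filesystem at deploy time. Interpolating the bare
      # path literal instead would copy the directory into the Nix store.
      keyFile = "${toString secretsDir}/${n}";
      destDir = "/secrets/";
      inherit (v) user group permissions;
    };
in
  builtins.mapAttrs mkKey secrets
```

Evaluating the expression yields one `deployment.keys`-style attribute per secret; adding an entry such as `"../id_rsa"` to `secrets` makes evaluation fail on the name check instead of producing a key that points outside `secretsDir`.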


@@ -5,10 +5,11 @@
{ config, pkgs, lib, ... }: {
imports = [ ../configuration.nix ];
deployment.keys = (import ../modules/secrets/make-secrets.nix {
inherit config;
secretsFile = ../secrets/secrets.nix;
}).activeSecrets;
deployment.keys = builtins.mapAttrs (n: v: {
keyFile = "${toString ../secrets}/${n}";
destDir = "/secrets/";
inherit (v) user group permissions;
}) config.nix-bitcoin.secrets;
# nixops makes the secrets directory accessible only for users with group 'key'.
# For compatibility with other deployment methods besides nixops, we forego the
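Review bot: the attribute name `n` from `config.nix-bitcoin.secrets` is interpolated unchecked into `keyFile = "${toString ../secrets}/${n}"`, so a secret whose name contains `/` or `..` would make nixops read a file outside `../secrets`; consider asserting that every name is a plain file name before building the key. A short comment on why `toString` is used would also help: it keeps `keyFile` a string that nixops reads at deploy time, whereas interpolating the bare path `../secrets` would copy the whole secrets directory into the world-readable Nix store.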