Refactor imports and secrets. Add per system properties and role based secret access.

Highlights
- No need to update flake for every machine anymore, just add a properties.nix file.
- Roles are automatically generated from all machine configurations.
- Roles and their secrets automatically are grouped and show up in agenix secrets.nix
- Machines and their service configs may now query the properties of all machines.
- Machine configuration and secrets are now competely isolated into each machine's directory.
- Safety checks to ensure no mixing of luks unlocking secrets and hosts with primary ones.
- SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.

common/default.nix

@@ -1,10 +1,5 @@
 { config, pkgs, ... }:
 
-let
-  ssh = import ./ssh.nix;
-  sshUserKeys = ssh.users;
-  sshHigherTrustKeys = ssh.higherTrustUserKeys;
-in
 {
   imports = [
     ./backups.nix
@@ -15,6 +10,8 @@ in
     ./boot
     ./server
     ./pc
+    ./machine-info
+    ./ssh.nix
   ];
 
   nix.flakes.enable = true;
@@ -68,12 +65,12 @@ in
       "dialout" # serial
     ];
     shell = pkgs.fish;
-    openssh.authorizedKeys.keys = sshUserKeys;
+    openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
     hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
     uid = 1000;
   };
   users.users.root = {
-    openssh.authorizedKeys.keys = sshHigherTrustKeys;
+    openssh.authorizedKeys.keys = config.machines.ssh.deployKeys;
   };
   nix.settings = {
     trusted-users = [ "root" "googlebot" ];