Add LiveKit, coturn, and JWT service to Matrix module

- Integrate LiveKit SFU, coturn TURN server, and lk-jwt-service for
  Element Call support in the Matrix Synapse module
- Add firewall rules for new services and ports
- Add key generation systemd service for LiveKit JWT
- Extend Synapse config with TURN URIs and experimental features
- Update Caddy config for new endpoints and well-known support
- Improve OIDC config with additional scopes and user mapping
- Add Grafana secret_key to SOPS secrets and config
- Refactor and modularize secret checking in justfile scripts

modules/nixos/services/observability/grafana/default.nix

@@ -30,6 +30,10 @@ in {
             domain = "ulmo";
           };
 
+          security = {
+            secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
+          };
+
           auth = {
             disable_login_form = false;
             oauth_auto_login = true;
@@ -133,6 +137,10 @@ in {
 
     sops = {
       secrets = {
+        "grafana/secret_key" = {
+          owner = "grafana";
+          group = "grafana";
+        };
         "grafana/oidc_id" = {
           owner = "grafana";
           group = "grafana";