828ffefd73
Bring the relay package up to the Grin-style guided-setup standard, matching GoblinPay's wizard experience: - install.sh at the repo root: one interactive script that asks a single topology question (name service alongside the relay / on a separate domain / relay only / authority standalone), builds what was chosen, installs the hardened systemd units, and hands off to the authority's setup wizard. Every prompt has a default; re-runnable; never clobbers an existing config. - Secret hardening (new house rule): the GoblinPay token and optional webhook secret are collected over HIDDEN prompts (terminal echo off via libc termios) and written to a root-only 0600 file, never the (proxy/backup-exposable) env file. The env file only references GOBLINPAY_TOKEN_FILE / GOBLINPAY_WEBHOOK_SECRET_FILE. install.sh drops in a systemd credential (LoadCredential + Environment=%d) so the DynamicUser reads a copy without the file being broadly readable; the base unit stays valid for a free (no-secret) authority. Aligns with GoblinPay's 0400 wallet-password + *_FILE pattern (feat/secret-hardening branch does not exist yet; used root-only 0600 config). - `floonet-name-authority setup [--reconfigure]` subcommand so install.sh can drive the wizard explicitly; the auto-run-on-first-launch path stays. - config.rs reads GOBLINPAY_WEBHOOK_SECRET_FILE (mirrors the token _FILE path). - README, .env.example, and the systemd unit header document the guided path and the secret model. Authority tests (incl. a new secret-out-of-env test) and the 32 plugin tests stay green; fmt/clippy clean.