Allow clearnet routing

[nixbitcoin]

Time Horizon: Mid Term

Description: Allow off-by-default clearnet routing on top of network namespaces.

Motivation: It should be as easy as toggling a switch for user's who need it to route receive and send clearnet traffic in nix-bitcoin. This is especially important for companies and large infrastructure providers. Mentioned in other issues #94 #110 #179 #182

Implementation: Single option NAT forward for all public-facing services.

[nixbitcoin]

I propose adding a generalized option for each network-facing service (electrs, spark-wallet, c-lightning, lnd) that allows a user to specify exactly which kinds of networking he wants to accept.

The options would look something like this

services.electrs.networking.tor = true;
services.electrs.networking.clearnet = "tls-acme";
services.electrs.networking.wireguard = true;

allowing him to accept connections over Tor HS, clearnet (plain, tls-selfsigned OR tls-acme), and Wireguard. All connection information should show up in nodeinfo. Wireguard should display a QR code of the connection information in nodeinfo.

Tor HS configuration can remain as before.

Clearnet connections should all be routed over nginx, as this makes using TLS easy.

For Wireguard, the AllowedIPs field should be set to the IP behind the connection FQDN, so as to only forward traffic for that specific destination over Wireguard.

This would also close #182

[nixbitcoin]

This is possible and demonstrated under https://github.com/fort-nix/nixbitcoin.org