feat: bidirectional remote builders — server <> uConsole

Add reusable remote-builder NixOS module and builder system user.

Server (lazyworkhorse): dispatches aarch64-linux builds to uConsole
uConsole: dispatches x86_64-linux builds to server

The builder user uses the same SSH keypair on both hosts for
symmetric remote building. Generate the key with:
  ssh-keygen -t ed25519 -f /etc/ssh/builder_key -N ""
Add the public key to lib/keys.nix (replace PLACEHOLDER).

users/builder.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, keys, ... }: {
+  users.users.builder = {
+    isSystemUser = true;
+    group = "builder";
+    home = "/var/empty";
+    createHome = false;
+    shell = pkgs.nologin;
+    openssh.authorizedKeys.keys = with keys; [
+      users.builder.main
+    ];
+  };
+  users.groups.builder = {};
+}