nix-bitcoin
Lnd cannot be configured to self-generate keys and certs
The lnd TLS key and certificate are generated by the secrets script. If this is set to manual, for example, if you wish to supply preconfigured secrets with sops, then no key and certificate are generated. However, lnd cannot generate its own certificates in `/etc/nix-bitcoin-secrets` because of permissions.
Perhaps there is a reason that the `lndCert` option is read-only? If I allow the relevant options to be set then lnd can generate the certs. It seems to me that the cert is effectively a runtime thing and doesn't necessarily belong in the `/etc/` directory.