fix: generate remote login secrets in compose

[Priveetee]

Summary

• make the compose stack generate remote login secrets in a persistent Docker volume
• mount generated secrets into Server and Token as read-only files
• remove the hard dependency on a local .env file for Server runtime defaults
• enable the internal Token remote-login service by default while keeping the admin toggle on Server

Production behavior

• Portainer and homelab users can paste the compose file without cloning the repository or running scripts
• the typetype-secrets init container exits after creating missing secrets; Exited (0) is expected
• existing real .env values keep priority over generated files
• this compose change must ship with the matching Server and Token image changes

Verification

• docker compose -f docker-compose.yml config
• compose config validation without .env
• BusyBox secret generation smoke: two 64-character secret files created in a Docker volume
• git diff --check
• dev branch checks passed: Coverage, CI, Docker

Rollback

• restore the previous compose file if stack startup regresses
• the generated Docker volume can stay in place; existing .env secrets remain supported