fix(nixos/rustfs): switch to file-based credentials via LoadCredential

- Rename options `accessKey`/`secretKey` to `accessKeyFile`/`secretKeyFile` to reflect usage.
- Switch environment variables to `RUSTFS_ACCESS_KEY_FILE` and `RUSTFS_SECRET_KEY_FILE` to fix type mismatches (raw string vs path).
- Implement systemd `LoadCredential` with `%d` expansion for secure secret injection.

Author: houseme

nixos/rustfs.nix

@@ -175,8 +175,8 @@ in
         RUSTFS_CONSOLE_ADDRESS = cfg.consoleAddress;
         RUST_LOG = cfg.logLevel;
         # Use %d to reference the credentials directory set by LoadCredential
-        RUSTFS_ACCESS_KEY = "file:%d/access-key";
-        RUSTFS_SECRET_KEY = "file:%d/secret-key";
+        RUSTFS_ACCESS_KEY_FILE = "%d/access-key";
+        RUSTFS_SECRET_KEY_FILE = "%d/secret-key";
       } // lib.optionalAttrs (cfg.logDirectory != null) {
         RUSTFS_OBS_LOG_DIRECTORY = cfg.logDirectory;
       } // cfg.extraEnvironmentVariables;