feat(clan): re-enable dm-pull-deploy via forked clan-community 🌊

Stage 4e, take 2. Point the clan-community input at our fork's branch
that sanitizes machine.name for data-mesher's file-name validator
(upstream PR: clan/clan-community#25). Revisit this pin once merged.

- flake.nix: clan-community.url → fork + fix branch
- flake-modules/clan.nix: re-adds meta.domain = "clan",
  inventory.instances.data-mesher (sunken-ship bootstrap, both default),
  inventory.instances.dm-pull-deploy (sunken-ship push, both default
  action="switch"), and clanHostsModule that puts /etc/hosts entries
  for <host>.clan → each machine's ZT IPv6 so libp2p multiaddr
  resolution works without a clan-domain DNS server.
- Generator vars for data-mesher + dm-pull-deploy signing keys were
  regenerated on sunken-ship (data-mesher isn't packaged for
  aarch64-darwin, so clan vars generate runs on Linux).

vars/shared/dm-pull-deploy-signing-key/signing.key/machines/sunken-ship

@@ -0,0 +1 @@
+../../../../../sops/machines/sunken-ship

vars/shared/dm-pull-deploy-signing-key/signing.key/secret

@@ -0,0 +1,18 @@
+{
+	"data": "ENC[AES256_GCM,data:SFWdcWNOT/lPnlk/03UrsejGiUiSE4540V0UVmd/2KxOnPf2463wlbCnx1pg4Y3dOScohNyM6MIU60/E8AZrQWUSYPM6RPVvW9Bpgb8WByUUABlxH3CxZth3ygpJGez/fchWFjkFUyydhcVWpm6UxmNnjhTwvq8=,iv:/n1pHl1DHy4pCVn1QuEK/+ud14ZWd0E5JfiMe8tczy0=,tag:NG8sO8Y8dujHVSh5d/ugFw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1g6y8gvcampqj5y3yzdajke2h5n7k6ckdg6a424cghy5325px7cmqjmmd28",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNmVGOUhDdHNlUm5GRjJo\nZFJJbUQyZys4ZjFiRUlyWUxuUnBuWmkyckVFCi8wZmdSeVBzbis4b1JZcU5QSDRp\nYXJBNzVIeXhSSnIyK1FTUDhUNFR2SVEKLS0tIFZtV0ZsRjdaaXMxbXF6S0VjV1J3\nelBUYWx0ZXpNMVZoK0dKdFdMYUpaMUEK1H4mOKs8CEtJ2P2aFkd9C2I7BRoqdZX9\nCowzfdUPQK3XwYxK0e+qM/eSPMsQr+IgPX4GtpIrkPUtkr9yNlXdTA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1zy3q73pujauyajgfqwu0pnyy8732lzwvw87tu7p2xg3xuzaujc2qh6ql77",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeHB1d0hrenZxZVVaWDgr\nbjYzcEY5VjNqL3FIR2NyYkd3bzBXNmFnNFZnCkY5TlplcEhqd2JUOFdoZzdtTWJs\ncW5rbWNkUnZ6SXJzd3ltM0FDeGIyZzAKLS0tIDZKdjZuaGdLUFVrMUE4RG1SSi83\nTVM1b1dTeVppQ3ZmLzExOVFob3VxR0EKziFYIaTcseeGJgLzb4ZgTnAnwlPavqGZ\nQ2/zQjn3i1vu1Et/qlhxQGg4AxmP976b23iwm+JYn901i00VClOuJg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-04-20T17:57:26Z",
+		"mac": "ENC[AES256_GCM,data:Qb3eJPq4m95zvteRXmDqReXiNrGDIHsh4PLYC/BRVJKLH2NJcygFj7DRuMHsM8TITEewvee96wInBim8porAGnNPGVl9GZpKU8gVT1JPWbbWYa28AegFoTgLw7nsGfyGYtAso6NfN9uuBggFf6zHBeSbg1p87hUbyRhjnp7xnOg=,iv:ugJKegaaH/FKsGrvWXdwVojb/yAwKtREF3Ng/2qgsIY=,tag:jsZ2QnHuje683C/wM/OGHg==,type:str]",
+		"version": "3.12.2"
+	}
+}

vars/shared/dm-pull-deploy-signing-key/signing.key/users/danny

@@ -0,0 +1 @@
+../../../../../sops/users/danny