feat: add secret settings manager and migration for legacy settings

- Implemented SecretSettingsManager to handle secret settings with encryption.
- Added functionality to migrate legacy plaintext settings into encrypted storage.
- Introduced methods for setting, getting, and clearing secret settings.
- Created tests for verifying the migration and canonicalization of secret settings.
- Updated app state to handle service updates via socket communication.
- Added interface for push service updates to manage service state changes.

ts/classes/onebox.ts

@@ -16,7 +16,7 @@ import { OneboxDnsManager } from './dns.ts';
 import { OneboxSslManager } from './ssl.ts';
 import { OneboxDaemon } from './daemon.ts';
 import { OneboxSystemd } from './systemd.ts';
-import { OneboxHttpServer } from './httpserver.ts';
+import type { OneboxHttpServer } from './httpserver.ts';
 import { CloudflareDomainSync } from './cloudflare-sync.ts';
 import { CertRequirementManager } from './cert-requirement-manager.ts';
 import { RegistryManager } from './registry.ts';
@@ -37,7 +37,7 @@ export class Onebox {
   public ssl: OneboxSslManager;
   public daemon: OneboxDaemon;
   public systemd: OneboxSystemd;
-  public httpServer: OneboxHttpServer;
+  public httpServer: OneboxHttpServer | null;
   public cloudflareDomainSync: CloudflareDomainSync;
   public certRequirementManager: CertRequirementManager;
   public registry: RegistryManager;
@@ -63,7 +63,7 @@ export class Onebox {
     this.ssl = new OneboxSslManager(this);
     this.daemon = new OneboxDaemon(this);
     this.systemd = new OneboxSystemd();
-    this.httpServer = new OneboxHttpServer(this);
+    this.httpServer = null;
     this.registry = new RegistryManager({
       dataDir: './.nogit/registry-data',
       port: 4000,