feat: migrate from S3 binary cache to Attic

Replace the S3-based Nix binary cache with Attic, a multi-tenant
binary cache server with better deduplication and garbage collection.

Changes:
- Install attic-client system-wide from nixpkgs
- Update substituter URL from s3.toph.so to cache.toph.so/toph
- Replace S3 cache keys with Attic cache signing key
- Add attic client config for endurance host

The Attic cache provides the same functionality as the S3 cache but
with improved performance and multi-tenancy support.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

home/by-host/endurance/config/attic.nix

@@ -0,0 +1,7 @@
+{...}: {
+  # Attic binary cache client configuration
+  xdg.configFile."attic/config.toml".text = ''
+    [cache.toph]
+    endpoint = "https://cache.toph.so"
+  '';
+}

modules/generic/default.nix

@@ -24,5 +24,6 @@
     just
     nh
     age
+    attic-client
   ];
 }

modules/generic/nix.nix

@@ -32,12 +32,11 @@
       trusted-users = ["root" "@wheel"];
       substituters = [
         "https://cache.nixos.org/"
-        "https://s3.toph.so/nix-cache"
+        "https://cache.toph.so/toph"
       ];
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-        "cache.toph.so:sre7NaMFLUyRGuHY5MoC4Il4wD9lC53Ct0D1A/lwb+A="
-        "cache.toph.so-ci:e5n27lZmhhdQvYClj9PZUFJIYwiBfC7eJkEXe8h4PKU="
+        "toph:E/oP7KyljH/yprI5LArxNPpSlQCdo29sMOkh3jm53Yg="
       ];
     };
   };