feat: add runtime secrets generation to setup_credentials

- Added call to load-keystore-secrets.sh in setup_credentials function
- Generates /run/aitbc/secrets/.env during setup
- Required by blockchain-node and blockchain-rpc systemd services
- Added error handling if secrets generation fails
- Prevents service startup failures due to missing runtime secrets
- Fixes hermes setup stumble where services failed to start

scripts/setup.sh

@@ -386,6 +386,17 @@ setup_credentials() {
         log "Added API_KEY_HASH_SECRET to .env"
     fi
 
+    # Generate runtime secrets file for systemd services
+    log "Generating runtime secrets file..."
+    if [ -f "/opt/aitbc/scripts/utils/load-keystore-secrets.sh" ]; then
+        /opt/aitbc/scripts/utils/load-keystore-secrets.sh || {
+            warning "Failed to generate runtime secrets file"
+            warning "Services may fail to start without /run/aitbc/secrets/.env"
+        }
+    else
+        warning "load-keystore-secrets.sh not found, skipping runtime secrets generation"
+    fi
+
     success "Secure credentials setup completed"
 }