feat: add CrowdSec security module

- Wraps native NixOS CrowdSec service
- Configures SSH and nginx log acquisition
- Installs linux/nginx/sshd hub collections
- Supports IP whitelisting and ban duration config
- Optional nginx bouncer integration (requires manual API key setup)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

configuration.nix

@@ -113,4 +113,10 @@
     domain = "vault.ashisgreat.xyz";
     signupAllowed = false;
   };
+
+  # === CrowdSec ===
+  myModules.crowdsec = {
+    enable = true;
+    enableNginxBouncer = false;  # Set to true after configuring bouncer API key
+  };
 }