feat(nix): improve Nextcloud Claude Bot security and user setup

- Set `User` and `Group` for the bot service to enhance security and isolation.
- Add a system user and group for `claude-bot` with a defined home directory.
- Change the secret's ownership to match the new bot user.
Harald Hoyer 2026-02-03 16:14:21 +01:00
parent b1370b5fc6
commit d5967cf392
2 changed files with 16 additions and 5 deletions


@ -12,6 +12,7 @@
sops.secrets."nextcloud-claude-bot/secret" = {
sopsFile = ../../../../.secrets/hetzner/nextcloud-claude-bot.yaml;
restartUnits = [ "nextcloud-claude-bot.service" ];
owner = "claude-bot";
};
# Nginx location for Nextcloud to send webhooks to the bot