ingest-router: Generate relay credentials

[lynnagara]

• Adds the synapse generate-credentials command that generates a ed25519 relay keypair
• Add round trip test using credentials generation and RelayVerifier
• make generate-credentials writes a gitignored relay-credentials.json if one doesn't already exist
• Commits a devservices credentials file that will be used when running sentry in cell-routing mode. The id/public key will be registered with sentry
• Also updates the relay_keys block in the ingest-router devservices config to include the key relay uses when running in sentry devservices

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 2f7944a. Configure here.}

[cursor]

Failed run leaves empty credentials

Medium Severity

The generate-credentials target writes to relay-credentials.json via shell redirection and only skips generation when the file exists. If cargo run generate-relay-credentials fails after the shell truncates the file, an empty or partial file remains and later runs never regenerate valid credentials.

 

^{Reviewed by Cursor Bugbot for commit 2f7944a. Configure here.}

[lynnagara]

we can live with this - it's a convenience for dev

[GabeVillalobos]

I don't think it's very likely that this will fail, but fair. It probably should overwrite the file when rerun though 🤔

[GabeVillalobos]

Wrote this before seeing your comment Lyn, for sure it's a super minor issue.