Avoid repetition of the secret destination paths in issuer config

morph/lib/make-issuer.nix

@@ -8,7 +8,7 @@
 , stateVersion
 , publicIPv4
 , ...
-}: {
+}: rec {
   deployment = {
     targetHost = publicIPv4;
 
@@ -41,8 +41,8 @@
   services.private-storage-issuer = {
     enable = true;
     tls = true;
-    ristrettoSigningKeyPath = "/var/secrets/ristretto.signing-key";
-    stripeSecretKeyPath = "/var/secrets/stripe.secret-key";
+    ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    stripeSecretKeyPath = deployment.secrets.stripe-secret-key.destination;
     database = "SQLite3";
     databasePath = "/var/db/vouchers.sqlite3";
     inherit letsEncryptAdminEmail;