feat: implement orchestrated auto-update system and fix deployment

- Add sma user module to little-rascal configuration for passwordless deployment
- Replace cosmic-greeter with greetd on both congenital-optimist and little-rascal
- Implement staggered auto-update system that updates remote machines first
- Add proper SSH user configuration for secure deployments
- Fix deployment permission issues by configuring admin user access
- Ensure orchestrator machine (congenital-optimist) reboots last to prevent SSH disconnection
- Add comprehensive error handling and update reporting
- Successfully tested lab tool deployment and auto-update on all machines

Fixes the critical issue where orchestrator reboot could break SSH connections
during multi-machine updates.

machines/congenital-optimist/configuration.nix

@@ -58,7 +58,20 @@
         path = "/boot";
       }
     ];
-  }; # ZFS services for this machine
+  };
+
+  # Display manager - use greetd instead of cosmic-greeter
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.zsh}/bin/zsh";
+        user = "greeter";
+      };
+    };
+  };
+
+  # ZFS services for this machine
   services.zfs = {
     autoScrub.enable = true;
     trim.enable = true;