fix(infra): run services as padelnomics_service user instead of root

- setup_server.sh now requires root, creates padelnomics_service user,
  adds to docker group, generates deploy key in service user's home,
  owns /opt/padelnomics and /data/padelnomics to service user
- supervisor service: User=padelnomics_service, updated PATH
- landing-backup service: User=padelnomics_service

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

infra/supervisor/padelnomics-supervisor.service

@@ -5,13 +5,13 @@ Wants=network-online.target
 
 [Service]
 Type=simple
-User=root
+User=padelnomics_service
 WorkingDirectory=/opt/padelnomics
 ExecStart=/bin/sh -c 'exec uv run python src/padelnomics/supervisor.py'
 Restart=always
 RestartSec=10
 EnvironmentFile=/opt/padelnomics/.env
-Environment=PATH=/root/.local/bin:/usr/local/bin:/usr/bin:/bin
+Environment=PATH=/home/padelnomics_service/.local/bin:/usr/local/bin:/usr/bin:/bin
 Environment=LANDING_DIR=/data/padelnomics/landing
 Environment=DUCKDB_PATH=/data/padelnomics/lakehouse.duckdb
 Environment=SERVING_DUCKDB_PATH=/data/padelnomics/analytics.duckdb