This does two things:
- add a group "mumblecert" which is allowed to read the mumble.hacc.space
cert, and add both nginx and murmur's users to it
- remove the website's derivation from services/murmur.nix and instead
add it to the websites/ dir and handle it the same as all our other sites
