Limit attack surface of SignstarOS image

As mentioned in #48 (comment 213305), we want to prevent the potential abuse of NetHSM credentials on the Signstar host as much as possible.

To ensure this, we should remove executables and integration of the OS as much as possible. Specifically useful tools for an attack such as curl, etc. come to mind.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Limit attack surface of SignstarOS image