Switch from baking in lighthouse to sync-proxy#24

Open
astarinmymind wants to merge 1 commit intomasterfrom
add-sync-proxy
Conversation

@astarinmymind
Collaborator

Using sync-proxy to keep the BOB EL in sync rather than baking in lighthouse is a simpler and safer solution.

  • From an information perspective, sync-proxy only streams the necessary information in, while baking in lighthouse relies on information leakage control through engine API and CL P2P, which were not designed for a potentially malicious EL.
  • Sync-proxy is open-source, used in production by Flashbots, and we plan to forward to sync-proxy from our production CL cluster and nginx setup.

Under the hood, sync-proxy will forward engine_forkchoiceUpdated and engine_newPayload events to keep the searcher's EL in sync.

Possible concerns: no shared JWT secret with a synced CL client.

Additions:

  • port forward 25590 from the host to the rootless podman container
  • host firewall rule that always allows TCP inbound to port 25590

Removals:

  • removed lighthouse package
  • removed lighthouse firewall rules (port 9000)
  • removed all searcher_netns rules and checks (port 9000)
  • JWT secret mount in the searcher rootless podman container

SYNC-PROXY-OMG

Testing:

  • I set up sync-proxy inside the rootless podman container with the following config:

        ./sync-proxy \
          -addr "0.0.0.0:25590" \
          -builders "http://localhost:8551"

  • I verified sync-proxy can be reached with the firewall rules by running curl -v http://localhost:25590 from outside qemu.
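The information-flow property the PR description relies on (only fork-choice and new-payload notifications cross into the searcher's EL, and the searcher EL never holds a JWT secret shared with the synced CL) can be illustrated with a small forward-only filter. The following is an added example, not code from this PR or from the sync-proxy project: it models an allowlisting JSON-RPC forwarder plus the HS256 Engine API JWT the downstream hop would need. The allowlist shape, the method regex and the helper names are assumptions for illustration; they are not a description of how sync-proxy itself is implemented.

```python
"""
Added example (not part of the PR or the sync-proxy project).
Models the proxy's information-flow boundary: only
engine_forkchoiceUpdated* / engine_newPayload* calls are relayed; every
other Engine API or eth_* method is answered with a JSON-RPC error
before it can reach the downstream EL. Also shows minting and checking
the HS256 JWT the Engine API expects, held only by the proxy and the
EL it forwards to (assumed design, not sync-proxy's own code).
"""
import base64
import hashlib
import hmac
import json
import re
import time

# Only the two notification families named in the PR are forwarded; the
# version suffix (V1, V2, V3, ...) is allowed to vary. Assumed allowlist.
ALLOWED_METHOD = re.compile(r"^engine_(forkchoiceUpdated|newPayload)V\d+$")


def should_forward(method: str) -> bool:
    """True if the JSON-RPC method is on the forward-only allowlist."""
    return ALLOWED_METHOD.match(method) is not None


def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}


def filter_request(raw: bytes):
    """Parse a JSON-RPC body (single call or batch) and split it into the
    calls to forward downstream and the error responses to return for
    everything else. Returns (forward_list, reject_list)."""
    try:
        payload = json.loads(raw)
    except ValueError:
        return [], [_error(None, -32700, "parse error")]
    calls = payload if isinstance(payload, list) else [payload]
    forward, reject = [], []
    for call in calls:
        if not isinstance(call, dict) or not isinstance(call.get("method"), str):
            reject.append(_error(None, -32600, "invalid request"))
            continue
        if should_forward(call["method"]):
            forward.append(call)
        else:
            reject.append(_error(call.get("id"), -32601,
                                 "method not allowed by proxy"))
    return forward, reject


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def engine_jwt(secret_hex: str, now=None) -> str:
    """Mint the HS256 JWT the Engine API requires: 32-byte hex secret and
    an 'iat' claim in seconds. Only the proxy and its downstream EL share
    this secret; the CL's secret never leaves the CL side."""
    secret = bytes.fromhex(secret_hex)
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    iat = now if now is not None else int(time.time())
    claims = _b64url(json.dumps({"iat": iat}, **compact).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"


def verify_engine_jwt(token: str, secret_hex: str, now: int, skew: int = 60) -> bool:
    """Check the HMAC and that 'iat' lies within +/- skew seconds of now."""
    try:
        header, claims, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(bytes.fromhex(secret_hex), f"{header}.{claims}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return False
    pad = "=" * (-len(claims) % 4)
    iat = json.loads(base64.urlsafe_b64decode(claims + pad)).get("iat")
    return isinstance(iat, int) and abs(now - iat) <= skew


# Constructed sample traffic: one allowed notification and one request
# for a method the proxy must not relay to the searcher's EL.
SAMPLE_BATCH = json.dumps([
    {"jsonrpc": "2.0", "id": 1, "method": "engine_forkchoiceUpdatedV3",
     "params": [{"headBlockHash": "0x" + "11" * 32,
                 "safeBlockHash": "0x" + "11" * 32,
                 "finalizedBlockHash": "0x" + "11" * 32}, None]},
    {"jsonrpc": "2.0", "id": 2, "method": "engine_getPayloadV3",
     "params": ["0x" + "00" * 8]},
]).encode()

if __name__ == "__main__":
    fwd, rej = filter_request(SAMPLE_BATCH)
    print("forward:", [c["method"] for c in fwd])
    print("reject:", [r["error"]["message"] for r in rej])
    tok = engine_jwt("ab" * 32, now=1_700_000_000)  # constructed secret
    print("jwt valid:", verify_engine_jwt(tok, "ab" * 32, now=1_700_000_010))
```

Run stand-alone, the script forwards only the fork-choice update, rejects the payload request with a JSON-RPC error, and shows a token minted with the proxy-side secret verifying within the clock-skew window. The point for this PR is the shape of the boundary: the allowlist is enforced before any bytes reach the downstream EL, and the JWT used on that hop is independent of the CL's secret.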

@astarinmymind astarinmymind requested a review from Ruteri February 6, 2025 00:11
