fix(deploy): template --group on the bus ExecStart too

decnet-bus.service.j2 ran with User={{ user }} / Group={{ group }}
but the actual bus CLI invocation hardcoded --group decnet. The bus
chowns /run/decnet/bus.sock to that group at 0660 — so when an
operator ran `decnet init --group anti`, the socket ended up
owned by decnet:decnet while every worker (agent, api, collector,
forwarder, prober, updater) ran as anti and got EACCES on connect().

Each worker's bus-wiring catches the error, logs a warning, sets
bus=None, and carries on — which is correct for the data-plane but
silently kills Workers-panel heartbeats (run_health_heartbeat(None,
...) no-ops). So half the worker grid showed UNKNOWN even though
systemctl confirmed the processes were alive.

Swap the hardcoded --group decnet for --group {{ group }} so the
socket is owned by the same group the workers run under.

deploy/decnet-bus.service.j2

@@ -12,14 +12,17 @@ WorkingDirectory={{ install_dir }}
 EnvironmentFile=-{{ install_dir }}/.env.local
 # /run/decnet is created automatically with the RuntimeDirectory= directive
 # below (mode 0755, owned by User/Group) and cleaned up on stop. The bus
-# socket is placed inside it with 0660 perms so only the decnet group can
+# socket is placed inside it with 0660 perms so only the configured
-# connect.
+# DECNET group (--group) can connect. That group is rendered here so
+# `decnet init --group anti` results in a socket every worker running
+# as anti can actually connect() to — otherwise every worker falls
+# back to bus=None and the Workers panel sees no heartbeats.
 RuntimeDirectory=decnet
 RuntimeDirectoryMode=0755
 Environment=DECNET_SYSTEM_LOGS=/var/log/decnet/decnet.bus.log
 ExecStart={{ venv_dir }}/bin/decnet bus \
     --socket /run/decnet/bus.sock \
-    --group decnet
+    --group {{ group }}
 StandardOutput=append:/var/log/decnet/decnet.bus.log
 StandardError=append:/var/log/decnet/decnet.bus.log