fix orion: remove bogus "crypted" LUKS device reference

The FIDO2 crypttab options are already on the correct UUID-named device
in hardware-configuration.nix; the "crypted" name only applies to
disko-provisioned hosts (rift).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

hw/orion/default.nix

@@ -10,12 +10,6 @@
   ];
 
   config = {
-    # FIDO2 LUKS unlock (matches vade setup)
-    boot.initrd.luks.devices."crypted".crypttabExtraOpts = [
-      "fido2-device=auto"
-      "token-timeout=10"
-    ];
-
     # Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
     boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;