Remove dependency on nix-shell in shell scripts

[ninegua]

The current shell scripts (keygen.sh and yubicopy.sh) use nix-shell because they can be useful outside the USB drive too. But using them first time after booting into the USB drive will require Internet access to download some dev packages, which are actually not needed for running them.

To enable a fully functional offline setup, we should package the shell scripts properly as a nix derivation that can be separately installed.

[ninegua]

Commit 8ab8bd7 installs both scripts, with a main caveat: the script assumes suitable commands are in PATH, instead of embedding them. This is perhaps desirable because the same script might survive software upgrades or bug fixes, if a user choose to install new versions manually on the USB drive.