[feature]: add a flag `--do-not-auto-generate-macaroons` to `lnd`

[ZZiigguurraatt]

When using LND inside of a kubernetes environment, lndinit is often times used to initially provision the node by generating a wallet password, seed, and the wallet itself.

Once the wallet password, seed, and wallet are created, the wallet is loaded and auto unlocked using a password file by using the --wallet-unlock-password-file flag with lnd.

When using lndinit, we strive to not write any privelaged information to the filesystem, instead storing it in kubernetes secrets. So, the password file is not actually a file, but instead a named pipe (https://github.com/lightninglabs/lndinit/blob/9d2de93a757b39b58631971d4dcd67a2d286bb23/example-init-wallet-k8s.sh#L53-L64). The reason for this is we would like to enforce a "read once" of the password file, and hope that lnd is the first process that tries to read from this named pipe.

However, all of this is sort of undone when lnd auto writes the admin macaroon to the disk on each launch if it does not exist.

When not using a password file and unlocking via the RPC, we have an option

   --stateless_init         do not create any macaroon files in the file system of the daemon

(https://lightning.engineering/api-docs/api/lnd/wallet-unlocker/unlock-wallet/)

but this does not exist for the --wallet-unlock-password-file flag with lnd. Likely the thought process was that if you have a unlock file somewhere on your filesystem you are not going to care if the admin macaroon is written out to the disk, but in reality we can have have different permissions on different parts of our filesystem, and we can have named pipes which aren't even stored on a persistent disk medium anywhere.

Therefor, we should also have a flag

--do-not-auto-generate-macaroons

for lnd that can work when an unlock file is in use (or when you'd rather enforce this without needing to pass --stateless_init to lncli unlock).

One workaround I've discovered to this issue is that you can have a pre-existing empty file named admin.macaroon at ~/.lnd/data/chain/bitcoin/regtest/ and lnd will not overwrite it with the actual admin macaroon, but I think that is a cumbersome approach.

[github-actions]

Found 1 possible duplicate issue:

1. StatelessInit as option LND config #6203

If this issue is a duplicate, please close it and 👍 the existing issue instead.

🤖 Generated with Claude Code

[ZZiigguurraatt]

Found 1 possible duplicate issue:

1. [StatelessInit as option LND config #6203](https://github.com/lightningnetwork/lnd/issues/6203)

If this issue is a duplicate, please close it and 👍 the existing issue instead.

🤖 Generated with Claude Code

I did not see that issue, but it is closed and does not mention the use of lndinit and named pipes as a motivator.

[ZZiigguurraatt]

One other workaround that I'm not sure why it is not used in https://github.com/lightninglabs/lndinit/blob/main/example-init-wallet-k8s.sh is to run lncli unlock --stateless_init in a background process looping until lnd actually finishes up booting and the unlock succeeds. Would like more feedback from others on this.