fix: hard-reset nodes before kubeadm join retries

Before control-plane and worker joins, remove stale kubelet/kubernetes identity files and run kubeadm reset -f. This prevents preflight failures like FileAvailable--etc-kubernetes-kubelet.conf during repeated reconcile attempts.

nixos/kubeadm/modules/k8s-common.nix

@@ -338,12 +338,16 @@ in
         > /etc/kubernetes/manifests/kube-vip.yaml
 
       rm -f /var/lib/kubelet/config.yaml /var/lib/kubelet/kubeadm-flags.env
+      rm -f /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf
+      rm -f /var/lib/kubelet/kubeconfig /var/lib/kubelet/instance-config.yaml
+      rm -rf /var/lib/kubelet/pki
 
       systemctl unmask kubelet || true
       systemctl stop kubelet || true
       systemctl enable kubelet || true
       systemctl reset-failed kubelet || true
       systemctl daemon-reload
+      env -i PATH=/run/current-system/sw/bin:/usr/bin:/bin kubeadm reset -f || true
       eval "$1"
     '')
 
@@ -356,12 +360,16 @@ in
       fi
 
       rm -f /var/lib/kubelet/config.yaml /var/lib/kubelet/kubeadm-flags.env
+      rm -f /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf
+      rm -f /var/lib/kubelet/kubeconfig /var/lib/kubelet/instance-config.yaml
+      rm -rf /var/lib/kubelet/pki
 
       systemctl unmask kubelet || true
       systemctl stop kubelet || true
       systemctl enable kubelet || true
       systemctl reset-failed kubelet || true
       systemctl daemon-reload
+      env -i PATH=/run/current-system/sw/bin:/usr/bin:/bin kubeadm reset -f || true
       eval "$1"
     '')