Add systemd linger as deployment best practice

[platorunner]

Summary

Adds loginctl enable-linger openclaw to the server hardening step in SETUP.md.

Why this matters

Without lingering enabled, OpenClaw's systemd user services (like the gateway) terminate when the SSH session disconnects. This causes:

• openclaw gateway status failures with "Failed to connect to bus"
• Gateway stopping unexpectedly on logout
• Sub-agent spawning failures (pairing required errors)

What linger does

loginctl enable-linger creates a persistent user session that survives logouts, allowing user services to run continuously without an active SSH session.

Community validation

This is the standard fix documented in:

• OpenClaw GitHub issue #11805 (EC2/headless server fixes)
• OpenClaw GitHub issue #11293 (service stops on logout)
• Official OpenClaw docs and setup wizards
• Multiple community guides (Starlight VM, Hostinger)

Security note

Safe for single-user servers like DO droplets. Slightly increases attack surface (processes run without login) but mitigated by:

• Single-user environment
• Service isolation to openclaw user
• Standard practice for headless OpenClaw deployments

Not recommended for multi-user shared hosts without additional hardening.

Changes

• Added loginctl enable-linger openclaw to Step 2 (server hardening)
• Added comment explaining why it's needed