fix: Secure action runtime — ephemeral container with vault-injected secrets (#748)

Split secrets into two SOPS-encrypted files:
- .env.enc for agent secrets (FORGE_TOKEN, CLAUDE_API_KEY, etc.)
- .env.vault.enc for vault secrets (GITHUB_TOKEN, deploy keys, etc.)

Add ephemeral vault-runner container (profiles: ["vault"]) that receives
only vault secrets at runtime. Agents never see vault secrets; vault-runner
never sees agent secrets.

Key changes:
- bin/disinto: vault-run subcommand, dual-file secrets management,
  vault-runner service in compose template
- vault/vault-fire.sh: delegates action execution to vault-runner
  container via disinto vault-run (bare-metal fallback preserved)
- vault/vault-poll.sh: new phase 5 detects vault-bot authorized
  comments on issues with action label
- vault/vault-run-action.sh: entrypoint for ephemeral container,
  dispatches to action handlers

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
openhands 2026-03-26 16:41:27 +00:00
parent ac4eaf93d6
commit cb5252588c
6 changed files with 326 additions and 82 deletions

3
.gitignore vendored

@ -1,8 +1,9 @@
# Plaintext secrets (never commit)
.env
# Encrypted secrets — safe to commit (.env.enc is SOPS-encrypted)
# Encrypted secrets — safe to commit (SOPS-encrypted with age)
!.env.enc
!.env.vault.enc
!.sops.yaml
# Per-box project config (generated by disinto init)
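
Review bot: the "Plaintext secrets (never commit)" block still lists only `.env`, while this hunk un-ignores a second encrypted file, `.env.vault.enc`. The `.env` pattern matches that exact file name only, so if the dual-file handling ever writes a decrypted vault file beside it (for example `.env.vault`, a name assumed here and not shown in these lines), git would offer it for staging. Suggest adding the plaintext vault file name under the `.env` entry. Separately, none of the visible lines ignores `.env.enc` or `.env.vault.enc` in the first place, so the `!` negations have no effect unless a broader pattern sits elsewhere in the file; worth confirming, since a negation only works when it follows the pattern it overrides.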