SIF-007: expand secret provider support beyond Vaultwarden

[jmrpineda]

Reported by: codex
Requested by: jmr.pineda
Priority: P2
Affected surfaces: secret providers, integration setup, runtime configuration
Constraints: additional providers should preserve the current local-first posture and clear provider boundaries

Summary

Expand secret provider support beyond Vaultwarden so teams can integrate SIH with a broader set of secret management systems.

Problem / opportunity

Current secret provider coverage limits adoption in environments that already standardize on other secret stores. Broader provider support would reduce integration friction and widen deployment fit.

Requested behavior

Users should be able to configure SIH against additional secret providers through supported integrations that fit the existing runtime model.

Scope

• In scope: additional provider integrations, configuration model, runtime secret resolution behavior.
• Out of scope: replacing all secret access with a proprietary hosted control plane.

Acceptance criteria

1. At least one additional secret provider can be configured and used through the supported provider model.
2. Provider-specific failures surface actionable diagnostics.
3. The integration model remains consistent with existing workflow and runtime configuration patterns.

Notes

• Source: local roadmap at .doc/positioning-and-roadmap.md.
• This issue was created while migrating local backlog ownership to GitHub.