Mount the gpg secrets engine (the plugin is registered separately via the
plugin module + config/plugins, #89) and manage OpenPGP keys with the
gpgvaultsecret provider.
- gpg_secret_backend module: mounts the registered plugin type; depends_on the
plugin module so the mount waits for catalog registration.
- gpg_key module (via the gpgvaultsecret provider, registered in root.hcl):
create/configure keys; wired through vault_cluster + config discovery
(config/gpg_key/<backend>/<name>.yaml).
- config/gpg_secret_backend/gpg.yaml mounts at gpg/; config/gpg_key/gpg/pass.yaml
is an rsa-4096 'pass' key for password-store (private key stays in Vault;
clients decrypt via gpg/decrypt/pass).
Rebased onto master after the access (#88) and plugin-import (#89) PRs merged.