feat(security): implement metadata redaction and sops-nix migration

Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.

modules/apps/traefik/default.nix

@@ -72,7 +72,7 @@ in {
         # Certificates
         "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
         "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
-        "--certificatesresolvers.letsencrypt.acme.email=tibo.depeuter@telenet.be"
+        "--certificatesresolvers.letsencrypt.acme.email=${config.sops.placeholder.acme_email or "acme-email@example.com"}"
         "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
       ];
       volumes = [