feat(security): implement metadata redaction and sops-nix migration

Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.

flake.nix

@@ -35,6 +35,10 @@
         ./modules
         ./users
         sops-nix.nixosModules.sops
+        ({ self, ... }: {
+          sops.defaultSopsFile = "${self}/secrets/secrets.yaml";
+          sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+        })
       ];
 
       hosts = {