RFC 0011: Epic / Tracking issue for profile credential storage backends

[rmanibus]

Context

This issue tracks delivery of RFC 0011 (Profile Credential Storage Backends) as a coordinated feature.

RFC: rfcs/0011-profile-credential-storage-backends.md

Goal

Provide a secure, cross-platform credential reference model for profile/store secrets while keeping existing *_env workflows fully backward compatible.

Scope summary

• Add *_secret schema fields and reference parsing/resolution.
• Integrate resolver into backup/store profile resolution with defined precedence.
• Implement native backends (macOS, Windows, Linux) incrementally.
• Update docs and CLI UX.

Child issues

• RFC 0011: Add profile secret reference schema and env:// resolver #87 RFC 0011: Add profile secret reference schema and env:// resolver
• RFC 0011: Integrate secret resolver into backup/store profile resolution #92 RFC 0011: Integrate secret resolver into backup/store profile resolution
• RFC 0011: Implement macOS Keychain backend for profile secrets #88 RFC 0011: Implement macOS Keychain backend for profile secrets
• RFC 0011: Implement Windows credential backend for profile secrets #90 RFC 0011: Implement Windows credential backend for profile secrets
• RFC 0011: Implement Linux Secret Service backend for profile secrets #89 RFC 0011: Implement Linux Secret Service backend for profile secrets
• RFC 0011: Documentation and CLI UX updates for profile secret references #91 RFC 0011: Documentation and CLI UX updates for profile secret references

Suggested implementation order

1. RFC 0011: Add profile secret reference schema and env:// resolver #87 (schema + parser + env resolver)
2. RFC 0011: Integrate secret resolver into backup/store profile resolution #92 (runtime integration + precedence tests)
3. RFC 0011: Implement macOS Keychain backend for profile secrets #88 / RFC 0011: Implement Windows credential backend for profile secrets #90 / RFC 0011: Implement Linux Secret Service backend for profile secrets #89 (platform backends)
4. RFC 0011: Documentation and CLI UX updates for profile secret references #91 (docs + UX polish)

Exit criteria

• All child issues completed.
• No secret values exposed in CLI/log output.
• Backward compatibility validated for flag-only and *_env profile workflows.
• User docs updated with migration examples.