fix: follow up on creds resolver review concerns

[rmanibus]

Summary

Follow-up fixes for unresolved review concerns left on merged PR #110.

• Harden macOS keychain existence checks:
  • stop using security ... -w in nativeSecretExists (prevents secret value from being printed)
  • discard stdout and surface non-"not found" errors with context
• Preserve intentional whitespace in interactive secret entry:
  • promptSecret now trims only trailing newlines (\r\n) instead of all surrounding whitespace
• Align help/docs with actually supported default secret-ref schemes:
  • usage/docs now list env:// and keychain://
  • wincred://... and secret-service://... are documented as planned (not yet available in default resolver)
• Fix small usage wording typo: Legacy *-env flags...

Validation

• go test -count=1 ./cmd/cloudstic -run 'TestNativeSecretExists|TestSaveSecretToNativeStore|TestCompletionBash|TestCompletionZsh|TestCompletionFish|TestPromptSecretReference'
• go test -count=1 ./...
• golangci-lint run ./...

Context

This PR is a follow-up to comments on merged PR #110.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 9 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cmd/cloudstic/usage.go	0.00%	8 Missing ⚠️
cmd/cloudstic/interactive.go	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!