feat: simplify migration from local to hosted authsome

[manojbajaj95]

Summary

Make it seamless for a user to migrate from a self-hosted (local daemon) authsome setup to the hosted/cloud version — preserving the same identity and all existing connections without re-authenticating.

Motivation

Users who start with the local daemon today have no clear upgrade path to the hosted version. They must re-register, re-authenticate every provider, and lose their existing identity. A first-class migration path removes this friction and encourages adoption of the hosted offering.

Desired Behavior

• The user's existing local Ed25519 identity (did:key) should be recognised by the hosted service — no new key pair, no new DID.
• Existing provider connections (tokens, API keys) should transfer without requiring re-login.
• Ideally a single command: e.g. authsome migrate --to hosted that handles export, upload, and switchover atomically.
• After migration the local daemon can be stopped; the CLI points at the hosted endpoint transparently.

Work Items

• Define the migration protocol: what gets transferred (identity key, vault contents, provider configs) and how credentials are encrypted in transit
• Add authsome migrate command (or equivalent) that exports local state and imports it into the hosted vault under the same identity
• Ensure the hosted service accepts an existing did:key during onboarding so identity continuity is preserved
• Handle partial/interrupted migrations safely (idempotent, no credential loss)
• Update docs with a migration guide

Notes

• The local identity key (~/.authsome/identities/<handle>.key) is the cryptographic anchor — the hosted service must accept it rather than issuing a new one.
• Vault encryption keys must be re-wrapped for the hosted KMS without ever exposing plaintext credentials outside the local machine.

[manojbajaj95]

Completed.