feat: add encrypted settings, guided Stripe setup, and admin credentials page

Store API keys and secrets encrypted in the SQLite database via the
existing Vault module (AES-256-GCM). The only external dependency is
SECRET_KEY_BASE — everything else lives in the portable DB file.

- Add encrypted_value column to settings table with new "encrypted" type
- Add put_secret/get_secret/delete_setting/secret_hint to Settings context
- Add Secrets module to load encrypted config into Application env at startup
- Add Stripe.Setup module with connect/disconnect/verify_api_key flow
  - Auto-creates webhook endpoints via Stripe API in production
  - Detects localhost and shows Stripe CLI instructions for dev
- Add admin credentials page at /admin/settings with guided setup:
  - Not configured: single Secret key input with dashboard link
  - Connected (production): status display, webhook info, disconnect
  - Connected (dev): Stripe CLI instructions, manual signing secret input
- Remove Stripe env vars from dev.exs and runtime.exs
- Fix CSSCache test startup crash (handle_continue instead of init)
- Add nav link for Credentials page

507 tests, 0 failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

config/runtime.exs

@@ -113,12 +113,6 @@ if config_env() == :prod do
   #
   # See https://hexdocs.pm/swoosh/Swoosh.html#module-installation for details.
 
-  # Stripe payment processing
-  config :stripity_stripe,
-    api_key:
-      System.get_env("STRIPE_SECRET_KEY") ||
-        raise("Missing STRIPE_SECRET_KEY environment variable"),
-    signing_secret:
-      System.get_env("STRIPE_WEBHOOK_SECRET") ||
-        raise("Missing STRIPE_WEBHOOK_SECRET environment variable")
+  # Stripe keys are stored encrypted in the database and loaded at runtime
+  # by SimpleshopTheme.Secrets. No env vars needed.
 end