Initial commit: VaultMesh Skills collection

Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

secrets-vault/checks/check_ciphertext.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+: "${VAULT_ROOT:=~/infrastructure/vault}"
+vr="$(eval echo "$VAULT_ROOT")"
+for f in cloudflare gitea registry k8s; do
+  p="$vr/secrets/$f.enc.yaml"
+  [[ -f "$p" ]] || { echo "missing $p"; exit 1; }
+  grep -q "sops:" "$p" || { echo "not encrypted: $p"; exit 1; }
+done
+echo "[OK] ciphertext"