Add provider secrets and environment configuration management #38
Description
Problem
Operators need a first-class way to manage provider-specific secrets, tokens, environment variables, and config overrides inside the app.
Scope
- Track how the settings shell stores, edits, validates, and displays provider configuration
- Cover secrets and non-secret configuration separately
- Keep per-provider overrides explicit
Out of scope
- Session-specific prompt and instruction layering
- Cloud secret-storage implementation choices beyond local planning
Implementation notes
- Make provider configuration visible without leaking secrets
- Align with future policy-aware redaction work
- Support all three external providers consistently
Definition of Done
- The issue defines which kinds of provider configuration the app must manage
- The issue states how secrets differ from non-secret settings at a product level
Verification
- Review the issue against Toolchain Center, settings shell, and trust-control issues