feat(local-secrets): introduce unified local secrets management and documentation

- Add example secret files for `app_key`, `db_user_password`, and `redis_password`.
- Introduce `local.vault.yml.example` for Ansible Vault encryption of local secrets.
- Create migration and setup scripts for transitioning from `.env.local` to secrets files.
- Update `docker-compose.local.yml` to adopt Docker Secrets and `_FILE` pattern for local configurations.
- Add deployment playbooks and enhanced logging configurations for local development.

deployment/ansible/playbooks/setup-local-secrets.yml

@@ -0,0 +1,80 @@
+---
+- name: Setup Local Development Secrets
+  hosts: local
+  gather_facts: yes
+  become: no
+  connection: local
+
+  vars:
+    vault_file: "{{ playbook_dir }}/../secrets/local.vault.yml"
+
+  pre_tasks:
+    - name: Get repository root path
+      shell: |
+        cd "{{ playbook_dir }}/../../.."
+        pwd
+      register: repo_root
+      changed_when: false
+      delegate_to: localhost
+      become: no
+    
+    - name: Set repository root as fact
+      set_fact:
+        app_stack_path: "{{ repo_root.stdout }}"
+
+    - name: Verify vault file exists
+      stat:
+        path: "{{ vault_file }}"
+      register: vault_stat
+      delegate_to: localhost
+      become: no
+
+    - name: Fail if vault file missing
+      fail:
+        msg: "Vault file not found at {{ vault_file }}. Please create it from local.vault.yml.example"
+      when: not vault_stat.stat.exists
+
+  tasks:
+    - name: Load encrypted secrets
+      include_vars:
+        file: "{{ vault_file }}"
+      no_log: yes
+
+    - name: Ensure secrets directory exists for Docker Compose secrets
+      file:
+        path: "{{ app_stack_path }}/secrets"
+        state: directory
+        owner: "{{ ansible_user_id | default(ansible_env.USER | default('user')) }}"
+        group: "{{ ansible_user_id | default(ansible_env.USER | default('user')) }}"
+        mode: '0700'
+
+    - name: Create Docker Compose secret files from vault
+      copy:
+        content: "{{ item.value }}"
+        dest: "{{ app_stack_path }}/secrets/{{ item.name }}.txt"
+        owner: "{{ ansible_user_id | default(ansible_env.USER | default('user')) }}"
+        group: "{{ ansible_user_id | default(ansible_env.USER | default('user')) }}"
+        mode: '0600'
+      loop:
+        - name: db_user_password
+          value: "{{ vault_db_password }}"
+        - name: redis_password
+          value: "{{ vault_redis_password }}"
+        - name: app_key
+          value: "{{ vault_app_key }}"
+        - name: vault_encryption_key
+          value: "{{ vault_encryption_key | default(vault_app_key) }}"
+      no_log: yes
+
+    - name: Set secure permissions on secrets directory
+      file:
+        path: "{{ app_stack_path }}/secrets"
+        state: directory
+        owner: "{{ ansible_user_id | default(ansible_env.USER | default('user')) }}"
+        group: "{{ ansible_user_id | default(ansible_env.USER | default('user')) }}"
+        mode: '0700'
+        recurse: yes
+
+    - name: Display secrets setup summary
+      debug:
+        msg: "? Local secrets created in {{ app_stack_path }}/secrets/"