feat: add KeyringStore and secure secret backend selection (#8) (#13)

This commit implements GitHub Issue #8, adding OS keyring-backed secret
storage with graceful fallback to MemoryStore when the keyring is unavailable.

Changes:
- Refactored store.rs into modular structure (store/mod.rs, store/memory.rs)
- Implemented KeyringStore behind keyring-store feature flag
- Added create_store() helper that selects backend based on feature availability
- KeyringStore uses platform native keyrings (macOS Keychain, Linux Secret Service, Windows Credential Manager)
- Graceful fallback to MemoryStore with clear warning logs when keyring unavailable
- Added comprehensive tests including platform-aware keyring tests
- Tests handle headless environments where keyring daemon may not be running

Implementation Details:
- KeyringStore implements SecretStore trait for OS keyring operations
- create_store() attempts KeyringStore first if prefer_keyring=true
- Falls back to MemoryStore if keyring backend unavailable
- Includes appropriate logging at info/warn/debug levels
- list_keys() operation not supported by keyring backend (limitation of platform APIs)

Testing:
- All 31 tests pass including keyring-specific tests
- Tests gracefully skip or adapt when keyring daemon unavailable
- Documented platform requirements and limitations

Fixes #8

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Amp AI <[email protected]>
Co-authored-by: Claude Opus 4.5 <[email protected]>

Author: 3 people