feat(devspaces): auto-mount ansible vault-password.txt from Bitwarden secret

[morey-tech]

Problem

Currently users must manually create ansible/vault-password.txt by copying the password from the "Ansible ms Vault Password" Bitwarden entry, as documented in ansible/README.md.

This adds friction to the DevSpaces workflow and requires manual secret management.

Proposed Solution

Auto-mount the vault password file in DevSpaces workspaces using one of these approaches:

1. External Secrets Operator (if available in ocp-gpu cluster):

   • Create ExternalSecret to sync from Bitwarden
   • Mount as file in DevSpaces pods via devfile

2. Bitwarden CLI in postStart:

   • Use existing bitwarden-cli integration
   • Fetch secret and write to ansible/vault-password.txt in postStart command

3. DevSpaces Secret Mount:

   • Store as Kubernetes secret in openshift-devspaces namespace
   • Mount via devfile volumes

Expected Outcome

• ansible/vault-password.txt automatically available in DevSpaces workspaces
• No manual password copy step required
• Update ansible/README.md to remove manual instruction

References

• Similar pattern: DevSpaces Claude Code API key auto-mount (feat: auto-load Claude extension in DevSpaces workspaces #114, feat(devspaces): auto-install extensions via .vscode/extensions.json #115)
• Ansible Vault docs: https://docs.ansible.com/ansible/latest/vault_guide/vault_encrypting_content.html