Initial commit: breakpilot-core - Shared Infrastructure

Docker Compose with 24+ services:
- PostgreSQL (PostGIS), Valkey, MinIO, Qdrant
- Vault (PKI/TLS), Nginx (Reverse Proxy)
- Backend Core API, Consent Service, Billing Service
- RAG Service, Embedding Service
- Gitea, Woodpecker CI/CD
- Night Scheduler, Health Aggregator
- Jitsi (Web/XMPP/JVB/Jicofo), Mailpit

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

vault/agent/split-certs.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+# Split combined certificate file into separate components
+
+COMBINED="/vault/certs/combined.pem"
+CERT_FILE="/vault/certs/macmini.crt"
+KEY_FILE="/vault/certs/macmini.key"
+CA_FILE="/vault/certs/ca-chain.crt"
+
+# Extract certificate (between ===CERT=== and ===CA===)
+sed -n '/===CERT===/,/===CA===/p' "$COMBINED" | sed '1d;$d' > "$CERT_FILE"
+
+# Append CA to certificate file for full chain
+sed -n '/===CA===/,/===KEY===/p' "$COMBINED" | sed '1d;$d' >> "$CERT_FILE"
+
+# Extract CA chain
+sed -n '/===CA===/,/===KEY===/p' "$COMBINED" | sed '1d;$d' > "$CA_FILE"
+
+# Extract private key
+sed -n '/===KEY===/,$p' "$COMBINED" | sed '1d' > "$KEY_FILE"
+
+# Set permissions
+chmod 644 "$CERT_FILE" "$CA_FILE"
+chmod 600 "$KEY_FILE"
+
+# Reload nginx if running
+nginx -s reload 2>/dev/null || true
+
+echo "Certificates split successfully"