feat: Add DevSecOps tools, Woodpecker proxy, Vault persistent storage, pitch-deck annex slides

- Install Gitleaks, Trivy, Grype, Syft, Semgrep, Bandit in backend-core Dockerfile
- Add Woodpecker SQLite proxy API (fallback without API token)
- Mount woodpecker_data volume read-only to backend-core
- Add backend proxy fallback in admin-core Woodpecker route
- Add Vault file-based persistent storage (config.hcl, init-vault.sh)
- Auto-init, unseal and root-token persistence for Vault
- Add 6 pitch-deck annex slides (Assumptions, Architecture, GTM, Regulatory, Engineering, AI Pipeline)
- Dynamic margin/amortization KPIs in BusinessModelSlide
- Market sources modal with citations in MarketSlide
- Redesign nginx landing page to 3-column layout (Lehrer/Compliance/Core)
- Extend MkDocs nav with Services and SDK documentation sections
- Add SDK Protection architecture doc

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend-core/main.py

@@ -25,6 +25,7 @@ from email_template_api import (
 )
 from system_api import router as system_router
 from security_api import router as security_router
+from woodpecker_proxy_api import router as woodpecker_router
 
 # ---------------------------------------------------------------------------
 # Middleware imports
@@ -105,6 +106,7 @@ app.include_router(system_router)               # already has paths defined in r
 
 # Security / DevSecOps dashboard
 app.include_router(security_router, prefix="/api")
+app.include_router(woodpecker_router, prefix="/api")
 
 # ---------------------------------------------------------------------------
 # Startup / Shutdown events