docs: add secure credential practices guide

[stevefulme1]

Summary

• Adds docs/secure_credential_practices.md — developer-facing guide for secure credential handling
• Covers the five golden rules for credential management in this collection
• Documents tooling enforcement: Gitleaks pre-commit hook setup, CI workflow, and .gitignore protections
• Includes step-by-step instructions for adding new secrets, using Ansible Vault, and referencing secrets in playbooks
• Provides a code review checklist for credential-related PRs
• Defines a new team member onboarding process (Day 1 setup + key concepts)
• Includes incident response procedures for accidental credential commits
• References the Red Hat IT InfoSec secret management policy as the authoritative organizational standard

Related

• Resolves: MFG-381
• Companion to: MFG-380 (secure credential storage), MFG-376 (Gitleaks configuration)

Test plan

• Review documentation for accuracy and completeness
• Verify pre-commit setup instructions work on a fresh clone
• Confirm code review checklist covers all credential patterns in the collection
• Validate onboarding steps can be followed by a new contributor

🤖 Generated with Claude Code

[sabre1041]

This is a good guide as a whole. Check the comments as there are some pieces where it is clear AI was used including repeating some of the same points. Also, check if there are any publicly available documents that align to the principles that are being referenced

[sabre1041]

Portions of this PR depends on #23

[sabre1041]

LGTM