ADR 017: GitHub Secrets

This ADR is inherited from personal-site. Read the canonical source ADR.

Source summary: CI/CD pipelines require access to sensitive credentials (API keys, deployment tokens, signing keys) to interact with external services. I need a secure, low-friction way to manage these secrets without checking them into version control.