OneCLI adds Bitwarden vault support

This is the right abstraction for agent security: keep secrets out of the model, keep approvals outside the model, and enforce policy at the network edge. It will not stop every bad agent action, but it does take the easiest credential-theft path off the table.

• –Bitwarden covers just-in-time approval and encrypted vault access, while OneCLI handles proxying, injection, rate limits, and audit logging.
• –Because the flow rides standard HTTP proxy behavior, teams can adopt it without rewriting agent code or wrapping every SDK call.
• –Prompt injection can still steer the agent, but it cannot trivially exfiltrate a reusable token it never receives in plaintext.
• –The tradeoff is operational overhead: proxy trust, CA management, and rule authoring now become part of the security surface.
• –Both projects being open source should help security teams inspect the control plane and adapt it to their own stack.