Add Git integration layer with secret store for remote asset caching

[Copilot]

This PR implements a comprehensive Git integration layer for a3t that enables asset caching from remote Git repositories at both workspace and user levels, along with a secure secret management system.

Key Features

🔐 SecretStore System

• Environment Provider: Reads secrets from environment variables with configurable prefixes
• Memory Provider: Runtime secret storage with programmatic API
• Composite Provider: Chains multiple providers for flexible fallback behavior
• Pluggable Architecture: Easy to extend with custom secret providers

// Configure Git credentials via secret store
await a3t.secretStore.setSecret('git_token_repo_name', 'ghp_your_token');

// Or use environment variables: A3T_GIT_TOKEN_REPO_NAME

🔧 GitFsBackend

• Repository Management: Clone, fetch, and cache Git repositories locally
• Context-Aware Caching: Separate caches per user/workspace based on scope configuration
• Flexible Git References: Support for branches, tags, and specific commits
• Secure Authentication: Integration with secret store for Git credentials
• Auto-Update: Configurable automatic fetching from remote repositories
• Security: Path traversal protection and safe repository handling

// Workspace-level Git backend
a3t.init({
  fs: {
    git: {
      repoUrl: 'https://github.com/company/assets.git',
      branch: 'main',
      scope: 'workspace'
    }
  }
});

// User-level Git backend for development
a3t.setGitFsBackend({
  repoUrl: 'https://github.com/user/dev-assets.git',
  branch: 'feature-branch',
  scope: 'user'
});

🎯 Use Cases Enabled

Distributed Development: Individual users can operate from personal branches while the workspace uses the main branch for production assets.

Isolated Testing: Users can cache and work with assets from their own branches without disrupting others.

Version Control: Leverage Git's native version control for asset management with automatic updates.

Secure Deployment: Flexible credential management supports various deployment scenarios from local development to production.

API Integration

The Git backend seamlessly integrates with a3t's existing API:

// Same familiar API, now powered by Git
const prompt = await a3t.get('prompts/welcome.txt');
const config = await a3t.get('config/app.json');
const assets = await a3t.getMultiple(['prompts/summary.txt', 'config/settings.json']);

Context-Aware Caching

Assets are cached based on context, enabling:

• User-level caching: Each user gets their own Git repository cache
• Workspace-level caching: Shared assets across team members
• Branch isolation: Different branches cached separately
• Efficient updates: Auto-fetch with configurable intervals (default: 5 minutes)

Testing & Quality

• 72 total tests all passing
• 29 new tests covering Git backend and secret store functionality
• Comprehensive coverage including security, authentication, and error handling
• TypeScript definitions updated with new interfaces and types

Backward Compatibility

This implementation maintains full backward compatibility:

• Existing filesystem and database backends continue to work unchanged
• No breaking changes to existing APIs
• Git functionality is opt-in via configuration

Example Usage

const a3t = require('a3t');

// Initialize with Git backend
a3t.init({
  fs: {
    git: {
      repoUrl: 'https://github.com/company/assets.git',
      branch: 'main',
      scope: 'workspace',
      cachePath: '.a3t-cache'
    }
  },
  context: {
    workspace: 'production',
    user: 'alice'
  }
});

// Use existing API - now powered by Git
const welcome = await a3t.get('prompts/welcome.txt');
const config = await a3t.get('config/app.json');

Fixes #3.

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.