Add sshk script for SSH with API key forwarding

[jbearak]

Overview

This PR adds the sshk script - a smart SSH wrapper that securely forwards environment variables including API keys to remote hosts.

What it does

• Automatic credential discovery: Scans for API keys from multiple sources (environment variables, macOS Keychain)
• Secure forwarding: Uses SSH's built-in SendEnv mechanism for safe transport
• Tmux support: Properly handles environment variables in tmux sessions
• Hierarchical fallback: Environment → Keychain (specific MCP patterns) → Generic api_keys service

Key Features

• Comprehensive input validation to prevent injection attacks
• Support for multiple credential sources with clear precedence
• Extensive logging and security auditing
• Installation helper for ~/bin setup
• Compatible with bash and zsh

Supported Credentials

• GitHub tokens (GITHUB_TOKEN, GITHUB_PERSONAL_ACCESS_TOKEN, GH_TOKEN)
• Atlassian credentials (API token, domain, email)
• Bitbucket credentials (username, app password, workspace)
• Custom credentials via generic "api_keys" keychain service

Security

• All inputs and outputs are validated
• No credentials exposed in process lists or logs
• Uses SSH's secure SendEnv mechanism
• Comprehensive security checks and logging

Usage

# Basic usage
sshk user@server.com

# With tmux support
sshk -t user@server.com

# Execute remote command
sshk user@server.com "echo \$GITHUB_TOKEN"

The script includes detailed help (sshk --help) and keychain setup instructions.