feat: add SOPS encrypted secrets and enable Flux decryption

- Add .sops.yaml config with age public key
- Encrypt authelia-users, authelia-secrets, vaultwarden-admin
- Enable SOPS decryption in Flux Kustomization (gotk-sync.yaml)
- Secrets are now safe to store in git (encrypted with age)

.sops.yaml

@@ -0,0 +1,4 @@
+creation_rules:
+- path_regex: .*\.enc\.yaml$
+  encrypted_regex: ^(data|stringData)$
+  age: age1aq4d879wuczrqj48nnw7ktsddrxfr8y8xaf0j0aqteswmsxnfs7sfs9phj