feat(daemon): daemon composition, credential resolution, and operator interface

[pentaxis93]

Summary

Part of #24. agentd is a daemon — a long-running process that owns the Podman session namespace, manages agent sessions, and reconciles stale resources across restarts. The v0.1.0 daemon accepts manual session triggers (scheduling comes later via agentd-scheduler), but the process model is daemonic from day one.

This issue wires the daemon together: startup with resource reconciliation, session dispatch from parsed config plus operator-supplied session parameters, credential resolution, and operator-facing documentation.

What must be true

Startup

• agentd starts as a daemon process
• On startup, it reconciles stale resources from prior runs: orphaned Podman secrets (agentd-session-secret-* prefix whose containers no longer exist) and dead agentd-managed containers
• Reconciliation completes before any session is accepted

Session dispatch

• An operator can trigger a session by specifying an agent name, repo URL, and optional work unit
• agentd resolves the named agent from parsed config, resolves credential source strings into concrete values, assembles a SessionSpec and SessionInvocation, and calls agentd-runner
• Session outcome (succeeded, failed, timed out) is reported to the operator

Credential resolution

• The daemon translates config's opaque credential source strings into resolved name-value pairs before passing them to the runner
• The resolution mechanism is the implementer's decision — the constraint is that source strings become concrete values and the runner receives only resolved pairs

Operator interface

• The operator can trigger sessions (the specific interface — subcommand, socket, signal — is the implementer's decision, but it must be documented and usable)
• Invalid or missing configuration produces clear, actionable error messages
• produces useful output
• README describes agentd as a functional daemon: what it does, how to configure agents, how to trigger sessions

Constraints

• The daemon owns the Podman session namespace. Startup cleanup runs before any session is accepted — no race between orphan reconciliation and new session creation.
• Credential resolution lives in the daemon (composition root), not in the runner. The runner receives resolved pairs only.
• Read ARCHITECTURE.md for the design intent. The implementation should realize the session lifecycle it describes, with the daemon as the orchestrating process.

Acceptance Criteria

• agentd starts and reconciles orphaned secrets and dead containers before accepting sessions
• An operator can trigger a session specifying agent name, repo URL, and optional work unit
• Credential source strings from config are resolved to concrete values before reaching the runner
• Session outcome is reported to the operator
• Invalid or missing configuration produces clear, actionable error messages
• README describes agentd as a functional daemon with configuration and session-trigger documentation
• An operator unfamiliar with the project can follow the README to configure and run agent sessions

Dependencies

• feat(runner): session lifecycle — container creation through teardown #26 — session lifecycle (the runner must exist for the daemon to call it)