Add config and secret store consolidation spec

[ChristianPavilonis]

Summary

• Adds a design spec for consolidating Trusted Server runtime storage around one Config Store alias and one Secret Store alias.
• Defines the target ts_config_store / ts_secrets namespace model and request-signing migration path.
• Captures Fastly provisioning validation, compatibility fallback behavior, and open migration questions.

Changes

File	Change
docs/superpowers/specs/2026-05-19-config-secret-store-consolidation-design.md	Adds the config and secret store consolidation proposal, including target runtime aliases, provider config shape, request-signing migration, provisioning behavior, runtime behavior, and acceptance criteria.

Closes

Closes #719
Related #684
Stacked on #715

Test plan

• cargo test --workspace --exclude trusted-server-cli
• cargo test --package trusted-server-cli --target "$(rustc -vV | sed -n 's/^host: //p')"
• cargo clippy --workspace --exclude trusted-server-cli --all-targets --all-features -- -D warnings
• cargo clippy --package trusted-server-cli --target "$(rustc -vV | sed -n 's/^host: //p')" --all-targets -- -D warnings
• cargo fmt --all -- --check
• JS tests: cd crates/js/lib && npx vitest run
• JS format: cd crates/js/lib && npm run format
• Docs format: cd docs && npm run format -- superpowers/specs/2026-05-19-config-secret-store-consolidation-design.md
• WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1
• Manual testing via fastly compute serve
• Other: docs-only change; Rust/JS/runtime checks not run.

Checklist

• Changes follow CLAUDE.md conventions
• No unwrap() in production code — use expect("should ...")
• Uses log macros (not println!)
• New code has tests
• No secrets or credentials committed