docs(research): add credential-proxy landscape and DLP-minimization framing

Consolidates oauth-token-exposure-to-claude.md and
tea-token-isolation-via-proxy.md into agent-credential-proxy-landscape.md,
adding a May-2026 survey of existing tools (Docker AI Sandboxes,
Cloudflare Sandbox Auth, Infisical Agent Vault, nono, Aembit, LiteLLM
CVE-2026-42208, Portkey, Helicone, etc.) and a build-vs-adopt verdict.

Adds secret-minimization-over-dlp.md explaining why pipelock's body
DLP and gitleaks's pre-receive scan cannot stop encoding/splitting
exfil, and why moving credentials out of the bottle (the git-gate
pattern, generalized) is the only robust answer.

Updates git-secret-scanning-hardening.md's reference to point at
the new consolidated landscape doc.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

docs/research/git-secret-scanning-hardening.md

@@ -126,7 +126,7 @@ forwarding to the real remote:
   unprivileged agent cannot read or modify. It holds the real push
   credential (deploy key, PAT, ssh agent socket) — the bottle never
   sees it, same as the auth-injecting proxy for `ANTHROPIC_BASE_URL`
-  in `oauth-token-exposure-to-claude.md`.
+  in `agent-credential-proxy-landscape.md`.
 - On receive, the gate runs `gitleaks detect` against the incoming
   refs (and their message text) in a temporary working tree. Clean
   pushes are forwarded to the real remote. Findings cause the push to