feat(federation): add SQL user authentication for peer sync

Merge SQL user authentication with Emma federation sync implementation:

- Add federation_peers table for encrypted credential storage
- Add credentials.go with AES-256-GCM encryption, SHA-256 key derivation
- Extend FederatedStorage interface with credential methods
- Add --user, --password, --sovereignty flags to bd federation add-peer
- Integrate credentials into PushTo/PullFrom/Fetch via withPeerCredentials
- DOLT_REMOTE_USER/PASSWORD env vars protected by mutex for concurrency

Credentials automatically used when syncing with peers that have stored auth.

Continues: bd-wkumz.10, Closes: bd-4p67y

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/storage/dolt/schema.go

@@ -234,6 +234,20 @@ CREATE TABLE IF NOT EXISTS interactions (
     INDEX idx_interactions_issue_id (issue_id),
     INDEX idx_interactions_parent_id (parent_id)
 );
+
+-- Federation peers table (for SQL user authentication)
+-- Stores credentials for peer-to-peer Dolt remotes between Gas Towns
+CREATE TABLE IF NOT EXISTS federation_peers (
+    name VARCHAR(255) PRIMARY KEY,
+    remote_url VARCHAR(1024) NOT NULL,
+    username VARCHAR(255),
+    password_encrypted BLOB,
+    sovereignty VARCHAR(8) DEFAULT '',
+    last_sync DATETIME,
+    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    INDEX idx_federation_peers_sovereignty (sovereignty)
+);
 `
 
 // defaultConfig contains the default configuration values