Initial commit: Vault Hierarchical Initializer

This commit adds the full implementation of vault-hier, a Rust utility for:
- Initializing HashiCorp Vault in production mode (non-dev)
- Handling Vault seal/unseal operations with key thresholds
- Using Docker Compose for containerized operation
- Supporting persistent storage via Docker volumes

Key components:
- Rust application for Vault interaction
- Docker and Docker Compose configuration
- Test scripts for local development
- Nix flake for development dependencies

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Dockerfile

@@ -0,0 +1,35 @@
+FROM rust:1.85-bookworm AS builder
+
+WORKDIR /usr/src/vault-hier
+COPY Cargo.toml .
+COPY src src
+
+# Create a dummy main.rs to build dependencies
+RUN mkdir -p .cargo && \
+    cargo build --release && \
+    rm -rf src target/release/deps/vault_hier*
+
+# Build the actual application
+COPY . .
+RUN cargo build --release
+
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    curl \
+    gnupg \
+    lsb-release \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Vault
+RUN wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+RUN echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
+RUN apt-get update && apt-get install -y vault
+
+WORKDIR /usr/local/bin
+
+COPY --from=builder /usr/src/vault-hier/target/release/vault-hier .
+# Set the entrypoint to directly run the Rust binary
+ENTRYPOINT ["/usr/local/bin/vault-hier"]