Initial commit: Vault Hierarchical Initializer

This commit adds the full implementation of vault-hier, a Rust utility for:
- Initializing HashiCorp Vault in production mode (non-dev)
- Handling Vault seal/unseal operations with key thresholds
- Using Docker Compose for containerized operation
- Supporting persistent storage via Docker volumes

Key components:
- Rust application for Vault interaction
- Docker and Docker Compose configuration
- Test scripts for local development
- Nix flake for development dependencies

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

docker-compose.yml

@@ -0,0 +1,48 @@
+services:
+  vault:
+    image: hashicorp/vault:1.15
+    container_name: vault
+    ports:
+      - "8200:8200"
+    environment:
+      - 'VAULT_LOCAL_CONFIG={"storage": {"file": {"path": "/vault/file"}}, "listener": {"tcp": {"address": "0.0.0.0:8200", "tls_disable": true}}, "ui": true, "disable_mlock": true}'
+    cap_add:
+      - IPC_LOCK
+    volumes:
+      - vault-data:/vault/file
+    command: server
+    healthcheck:
+      test: ["CMD", "sh", "-c", "wget -q -O- --no-check-certificate http://127.0.0.1:8200/v1/sys/health?standbyok=true\\&sealedok=true\\&uninitok=true || exit 0"]
+      interval: 5s
+      timeout: 2s
+      retries: 3
+      start_period: 5s
+    networks:
+      - vault-net
+
+  vault-init:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: vault-init
+    environment:
+      - VAULT_ADDR=http://vault:8200
+    depends_on:
+      vault:
+        condition: service_healthy
+    volumes:
+      - ./:/app/data
+    networks:
+      - vault-net
+    restart: on-failure
+    # Using a non-daemon container that exits after completion
+    deploy:
+      restart_policy:
+        condition: none
+
+volumes:
+  vault-data:
+
+networks:
+  vault-net:
+    driver: bridge