add infra credentials setup (gitignored secrets, shared template)

.claude/infra.md.example

@@ -0,0 +1,37 @@
+# Infrastructure Access — TEMPLATE
+# Copy to .claude/infra.md and fill in real values.
+# Share the real file via 1Password / Vault / `age` encrypted blob — NEVER commit it.
+
+## Dokploy
+- **Dashboard**: https://dokploy.example.com
+- **API Token**: `dkp_...`
+- **SSH User**: `deploy`
+- **SSH Host**: `dokploy.example.com`
+- **SSH Port**: `22`
+- **SSH Key Path**: `~/.ssh/id_dokploy`   ← or reference a 1Password SSH key
+
+## Servers
+| Name       | IP / Host              | SSH User | Notes          |
+|------------|------------------------|----------|----------------|
+| prod-1     | 10.0.0.1               | deploy   | primary node   |
+| staging-1  | 10.0.0.2               | deploy   | staging node   |
+
+## Docker Registry
+- **Registry**: `ghcr.io/your-org`
+- **Username**: `bot`
+- **Token**: `ghp_...`
+
+## DNS / Cloudflare
+- **API Token**: `cf_...`
+- **Zone ID**: `...`
+
+## Monitoring
+- **Grafana URL**: https://grafana.example.com
+- **API Key**: `eyJ...`
+
+## Database
+- **Prod Postgres**: `postgres://user:pass@host:5432/db`
+- **Staging Postgres**: `postgres://user:pass@host:5432/db_staging`
+
+## Other Secrets
+<!-- Add anything else Claude Code needs to manage your infra -->