rename secrets.py to credential_store.py, enhance /status, add usage tracking

- Rename src/secrets.py → src/credential_store.py (avoid stdlib conflict)
- Enhanced /status command: uptime, tokens, cost, context window usage
- Session metadata now tracks input/output tokens, cost, duration
- _safe_env() changed from allowlist to blocklist approach
- Better Claude CLI error logging

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

tests/test_secrets.py

@@ -5,7 +5,7 @@ import pytest
 from unittest.mock import patch
 from pathlib import Path
 
-from src.secrets import (
+from src.credential_store import (
     SERVICE,
     REQUIRED_SECRETS,
     set_secret,
@@ -48,9 +48,9 @@ def mock_keyring():
     """Patch keyring globally for every test so the real keyring is never touched."""
     fake = FakeKeyring()
     with (
-        patch("src.secrets.keyring.get_password", side_effect=fake.get_password),
-        patch("src.secrets.keyring.set_password", side_effect=fake.set_password),
-        patch("src.secrets.keyring.delete_password", side_effect=fake.delete_password),
+        patch("src.credential_store.keyring.get_password", side_effect=fake.get_password),
+        patch("src.credential_store.keyring.set_password", side_effect=fake.set_password),
+        patch("src.credential_store.keyring.delete_password", side_effect=fake.delete_password),
     ):
         yield fake