Use credentials instead of secrets (#947)

## Summary
- remove legacy secrets.yml from dummy app
- configure Devise to read secret key from Rails credentials

## Testing
- `bin/codex_style_guard`
- `bundle exec rubocop`
- `bundle exec brakeman -q -w2`
- `bundle exec bundler-audit --update`
- `bin/ci` *(fails: could not connect to database)*

------
https://chatgpt.com/codex/tasks/task_e_689279c283a883219f33b0cd05e3abcc

Author: rsmithlal

config/initializers/devise.rb

@@ -14,7 +14,7 @@
   # confirmation, reset password and unlock tokens in the database.
   # Devise will use the `secret_key_base` as its `secret_key`
   # by default. You can change it below and use your own secret key.
-  config.secret_key = ENV.fetch('DEVISE_SECRET', nil)
+  config.secret_key = ENV.fetch('DEVISE_SECRET') { Rails.application.credentials.secret_key_base }
 
   config.pepper = ENV.fetch('DEVISE_PEPPER', nil)