…ders

CLI-based providers were using std::process::Command which blocks the
tokio runtime thread, making buffer_unordered(10) effectively sequential.
Switching to tokio::process::Command allows concurrent CLI execution,
reducing N secrets from N*800ms to ~800ms.

Fixes #8

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ders (#308)

## Summary

- Convert all 7 CLI-based providers from blocking
`std::process::Command` to async `tokio::process::Command`
- This allows `buffer_unordered(10)` in `get_secrets_concurrent()` to
actually run CLI processes concurrently instead of blocking the tokio
runtime thread
- For N secrets at ~800ms per CLI call: sequential = N * 800ms →
concurrent = ~800ms

## Providers changed

| Provider | Key changes |
|----------|-------------|
| vault | `execute_vault_command` → async |
| bitwarden | `execute_command` + build functions → async, return
`tokio::process::Command` |
| bitwarden-sm | `execute_bws_command` + `list_secrets` → async |
| password-store | `execute_pass_command` → async, `put_secret` stdin →
`tokio::io::AsyncWriteExt` |
| proton-pass | `execute_pass_cli_command` → async |
| 1password | `execute_op_command` + `execute_op_inject` → async, stdin
→ `tokio::io::AsyncWriteExt` |
| infisical | `execute_infisical_command` → async (`get_auth_token`
stays sync with explicit `std::process::Command` for Mutex-guarded
login) |

Fixes #8

## Test plan

- [x] `mise run build` passes
- [x] `mise run test:cargo` passes (100/100 tests, 1 pre-existing
keychain failure unrelated to changes)
- [x] `mise run lint` passes (cargo-fmt, cargo-clippy, cargo-check all
clean)
- [ ] Manual testing with a Vault/1Password/etc provider to verify
concurrent fetching

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches multiple secret-provider integrations and changes how external
CLIs are spawned and awaited; failures would surface as auth/CLI errors
or behavior differences under concurrency.
> 
> **Overview**
> Switches the CLI-driven providers (Bitwarden, Bitwarden Secrets
Manager, 1Password, password-store, Proton Pass, Vault, and most of
Infisical) from blocking `std::process::Command` to async
`tokio::process::Command`, making `get_secret`/batch flows await process
execution instead of blocking the runtime.
> 
> Updates providers that write to child stdin (`op inject`, `pass
insert`) to use async stdin writes/`wait_with_output().await`; Infisical
keeps login token acquisition as a blocking `std::process::Command`
under a mutex, while subsequent CLI calls are async.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
78d71aa. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>