auths init: first-time onboarding should be a single command

[bordumb]

Problem

The current onboarding flow requires multiple manual steps that aren't documented in sequence:

1. auths init — create identity, configure git signing
2. Manually create/update .auths/allowed_signers in the repo
3. Manually fetch registry from ~/.auths into the project repo
4. Manually push refs/auths/registry to the remote
5. Manually add .github/workflows/verify-commits.yml
6. Manually fix SSH config if UseKeychain breaks

A first-time user hitting any of these steps without guidance will get stuck.

Expected behavior

auths init (when run in a git repo) should handle the full happy path:

1. Create identity + configure signing (already works)
2. Write .auths/allowed_signers with the new key (auths init: auto-populate .auths/allowed_signers in the repo #77)
3. Copy registry into the repo and push to remote (auths init: registry should be pushed to remote automatically #80)
4. Fix SSH config issues (SSH config: add IgnoreUnknown UseKeychain during onboarding #74)
5. Optionally scaffold the CI workflow (or print the command to do so)

Each step should have clear output showing what was done. If any step fails, auths doctor (#79) should catch it.

Non-goals

• Don't force GitHub Pages setup (that's for the widget, not core signing)
• Don't require network access for the identity creation itself

Context

End-to-end dogfooding session: took ~2 hours to get from auths init to a working verification badge, mostly due to undocumented manual steps between the init and the verification actually working.