84746d2232
- --store-credential: after snapshot, writes build-user credentials into the system keyring using the two-entry scheme (service:meta + service) that KeyringCredentialStore.get() reads. Works on Windows (Credential Manager) and Linux (SecretService / file backend). - --credential-target: keyring target name, default BuildVMGuest (matches config.guest_cred_target). - Rewrote module docstring: full prose documentation of both `template backup` and `template prepare-win` including all 12 provisioning steps. - 2 new tests covering --store-credential with custom and default targets. - mypy --strict clean; coverage 90.03%. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>