feat(deploy-vercel): implement real CLI-backed vercel integration

[emil07770]

Summary

• Replace stub build() and ship() with real exec() calls to the Vercel CLI
• build(): runs vercel build (with --prod when config.prod is set or channel is stable)
• ship(): runs vercel deploy --token <token> (with --prod on stable); passes token via both CLI flag and env var
• Reads token via ctx.secret('VERCEL_TOKEN'), throws descriptive error if missing
• Short-circuits on ctx.dryRun in ship()
• Parses deployment URL from vercel stdout (https://*.vercel.app)
• Passes cwd: ctx.projectDir and env: { VERCEL_TOKEN } to exec for proper isolation

Test plan

• Set VERCEL_TOKEN secret: sh1pt secret set VERCEL_TOKEN <token>
• Dry-run: sh1pt ship deploy-vercel --dry-run should return { id: 'dry-run' } without calling vercel
• Build: sh1pt build deploy-vercel should invoke vercel build
• Full deploy: sh1pt ship deploy-vercel should invoke vercel deploy --token <token> and return { id, url }
• Prod deploy: with prod: true or channel: stable, should add --prod flag
• Missing token: should throw with helpful message pointing to sh1pt secret set VERCEL_TOKEN

🤖 Generated with Claude Code

[ralyodio]

Heads up — the failing vu1nz security scan check needs a workflow fix that's on master (commit b3290b8). I tried to update this branch automatically but hit merge conflicts. Could you rebase/merge master locally, resolve conflicts, and force-push? Once that's in, the CI check will go green. Thanks!