feat(deploy-railway): implement real CLI-backed railway integration

[emil07770]

Summary

• Replace stub build() and ship() with real exec() calls to the Railway CLI
• build(): runs railway up --detach --ci to validate configuration without triggering a full deploy
• ship(): runs railway up --service <serviceId> --environment <env> --detach for non-blocking deploys
• Reads token via ctx.secret('RAILWAY_TOKEN'), throws descriptive error if missing
• Short-circuits on ctx.dryRun in ship()
• Parses deployment URL from railway stdout (https://*.up.railway.app)
• Passes cwd: ctx.projectDir and env: { RAILWAY_TOKEN } to exec for proper isolation
• Returns meta: { projectId, environment } for traceability

Test plan

• Set RAILWAY_TOKEN secret: sh1pt secret set RAILWAY_TOKEN <token>
• Dry-run: sh1pt ship deploy-railway --dry-run should return { id: 'dry-run' } without calling railway
• Build: sh1pt build deploy-railway should invoke railway up --detach --ci for config validation
• Full deploy: sh1pt ship deploy-railway should invoke railway up --service <id> --environment production and return { id, url }
• Staging deploy: with channel: beta or environment: staging, should deploy to staging env
• Missing token: should throw with helpful message pointing to sh1pt secret set RAILWAY_TOKEN

🤖 Generated with Claude Code

[ralyodio]

Heads up — the failing vu1nz security scan check needs a workflow fix that's on master (commit b3290b8). I tried to update this branch automatically but hit merge conflicts. Could you rebase/merge master locally, resolve conflicts, and force-push? Once that's in, the CI check will go green. Thanks!