#22980: Gateway: add manual secrets reload command
Labels: gateway, cli, maintainer, size: S
Cluster: Gateway Hot-Reload Improvements
## Summary
- add `secrets.reload` gateway RPC to re-resolve refs from the active unresolved config snapshot
- add `openclaw secrets reload` CLI command to trigger runtime secret re-activation
- classify/list the new method in gateway method metadata and add tests
## Validation
- `pnpm check`
- `pnpm vitest src/gateway/server-methods/secrets.test.ts src/cli/secrets-cli.test.ts src/secrets/runtime.test.ts`
- `pnpm vitest src/gateway/method-scopes.test.ts src/gateway/server-methods.control-plane-rate-limit.test.ts`
### Greptile Summary
Added `secrets.reload` RPC method to manually re-resolve secret references from the active snapshot's source config. The implementation reuses the existing `activateRuntimeSecrets` helper to prepare and activate a new snapshot from `sourceConfig`, preserving the unresolved configuration for subsequent reloads. The CLI command properly handles both human-readable and JSON output formats, with appropriate error handling and permission scoping to `operator.admin`.
### Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The implementation follows existing patterns, includes comprehensive unit tests for both gateway handlers and CLI commands, properly handles error cases, and correctly integrates with the existing secrets runtime system. The addition of `sourceConfig` to the snapshot structure enables the reload functionality without breaking changes.
- No files require special attention

Last reviewed commit: 3b463cb
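The reload pattern summarized above, as an added TypeScript sketch that is not the PR's or the project's code: a snapshot keeps the unresolved `sourceConfig` beside the resolved values, and a handler gated on the `operator.admin` scope re-resolves from it. The `$secret` ref shape, every function name, and the keep-last-good behaviour on a failed reload are assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not the OpenClaw API.
type SecretRef = { $secret: string }; // assumed shape of a secret reference
type SourceConfig = Record<string, string | SecretRef>;
type Snapshot = {
  sourceConfig: SourceConfig; // unresolved refs, kept so later reloads can re-resolve
  resolved: Record<string, string>; // values the runtime actually uses
};
type Resolver = (name: string) => string | undefined;
type ReloadResult = { ok: true } | { ok: false; error: string };

const ADMIN_SCOPE = "operator.admin"; // scope named in the PR summary
let active: Snapshot | null = null;
function currentSnapshot(): Snapshot | null { return active; }

// Resolve every ref into a fresh snapshot; throws before anything is swapped.
function prepareSnapshot(sourceConfig: SourceConfig, resolve: Resolver): Snapshot {
  const resolved: Record<string, string> = {};
  for (const key of Object.keys(sourceConfig)) {
    const value = sourceConfig[key] as string | SecretRef;
    if (typeof value === "string") { resolved[key] = value; continue; }
    const secret = resolve(value.$secret);
    // Name the ref in the error, never a secret value.
    if (secret === undefined) throw new Error("unresolved secret ref: " + value.$secret);
    resolved[key] = secret;
  }
  return { sourceConfig, resolved };
}

function activate(sourceConfig: SourceConfig, resolve: Resolver): void {
  active = prepareSnapshot(sourceConfig, resolve);
}

// Manual reload: re-resolve from the stored sourceConfig and swap only on
// success, so a failed reload leaves the last good snapshot active
// (that fallback is this sketch's assumption, not something the PR text states).
function handleSecretsReload(scopes: string[], resolve: Resolver): ReloadResult {
  if (!scopes.some((s) => s === ADMIN_SCOPE)) return { ok: false, error: "forbidden" };
  if (active === null) return { ok: false, error: "no active snapshot" };
  try {
    active = prepareSnapshot(active.sourceConfig, resolve);
    return { ok: true };
  } catch (err) {
    return { ok: false, error: err instanceof Error ? err.message : String(err) };
  }
}

// Constructed demo: rotate the backing value, then reload.
const demoStore: Record<string, string | undefined> = { GATEWAY_TOKEN: "old" };
activate({ port: "8080", token: { $secret: "GATEWAY_TOKEN" } }, (n) => demoStore[n]);
demoStore["GATEWAY_TOKEN"] = "new";
console.log(handleSecretsReload([ADMIN_SCOPE], (n) => demoStore[n])); // { ok: true }
```

Because the snapshot stores refs rather than resolved values as its source of truth, a rotated secret is picked up without restarting the process or re-reading the config file.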