Remove internal/macse package and fix all linter issues

- Remove internal/macse package (Secure Enclave experiment)
- Fix errcheck: handle keychain.DeleteItem error return
- Fix lll: break long lines in command descriptions
- Fix mnd: add nolint comment for cobra.ExactArgs(2)
- Fix nlreturn: add blank lines before return/break statements
- Fix revive: add nolint comment for KEYCHAIN_APP_IDENTIFIER constant
- Fix nestif: simplify UnlockersRemove by using new NumSecrets method
- Add NumSecrets() method to vault.Vault for counting secrets
- Update golangci.yml to exclude ALL_CAPS warning (attempted various
  configurations but settled on nolint comment)

All tests pass, code is formatted and linted.

README.md

@@ -69,8 +69,8 @@ Initializes the secret manager with a default vault. Prompts for a BIP39 mnemoni
 
 ### Vault Management
 
-#### `secret vault list [--json]`
-Lists all available vaults.
+#### `secret vault list [--json]` / `secret vault ls`
+Lists all available vaults. The current vault is marked.
 
 #### `secret vault create <name>`
 Creates a new vault with the specified name.
@@ -78,6 +78,12 @@ Creates a new vault with the specified name.
 #### `secret vault select <name>`
 Switches to the specified vault for subsequent operations.
 
+#### `secret vault remove <name> [--force]` / `secret vault rm` ⚠️ 🛑
+**DANGER**: Permanently removes a vault and all its secrets. Like Unix `rm`, this command does not ask for confirmation.
+Requires --force if the vault contains secrets. With --force, will automatically switch to another vault if removing the current one.
+- `--force, -f`: Force removal even if vault contains secrets
+- **NO RECOVERY**: All secrets in the vault will be permanently deleted
+
 ### Secret Management
 
 #### `secret add <secret-name> [--force]`
@@ -95,14 +101,24 @@ Retrieves and outputs a secret value to stdout.
 #### `secret list [filter] [--json]` / `secret ls`
 Lists all secrets in the current vault. Optional filter for substring matching.
 
+#### `secret remove <secret-name>` / `secret rm` ⚠️ 🛑
+**DANGER**: Permanently removes a secret and ALL its versions. Like Unix `rm`, this command does not ask for confirmation.
+- **NO RECOVERY**: Once removed, the secret cannot be recovered
+- **ALL VERSIONS DELETED**: Every version of the secret will be permanently deleted
+
 ### Version Management
 
-#### `secret version list <secret-name>`
+#### `secret version list <secret-name>` / `secret version ls`
 Lists all versions of a secret showing creation time, status, and validity period.
 
 #### `secret version promote <secret-name> <version>`
 Promotes a specific version to current by updating the symlink. Does not modify any timestamps, allowing for rollback scenarios.
 
+#### `secret version remove <secret-name> <version>` / `secret version rm` ⚠️ 🛑
+**DANGER**: Permanently removes a specific version of a secret. Like Unix `rm`, this command does not ask for confirmation.
+- **NO RECOVERY**: Once removed, this version cannot be recovered
+- Cannot remove the current version (must promote another version first)
+
 ### Key Generation
 
 #### `secret generate mnemonic`
@@ -116,7 +132,7 @@ Generates and stores a random secret.
 
 ### Unlocker Management
 
-#### `secret unlockers list [--json]`
+#### `secret unlockers list [--json]` / `secret unlockers ls`
 Lists all unlockers in the current vault with their metadata.
 
 #### `secret unlockers add <type> [options]`
@@ -130,8 +146,12 @@ Creates a new unlocker of the specified type:
 **Options:**
 - `--keyid <id>`: GPG key ID (required for PGP type)
 
-#### `secret unlockers rm <unlocker-id>`
-Removes an unlocker.
+#### `secret unlockers remove <unlocker-id> [--force]` / `secret unlockers rm` ⚠️ 🛑
+**DANGER**: Permanently removes an unlocker. Like Unix `rm`, this command does not ask for confirmation.
+Cannot remove the last unlocker if the vault has secrets unless --force is used.
+- `--force, -f`: Force removal of last unlocker even if vault has secrets
+- **CRITICAL WARNING**: Without unlockers and without your mnemonic phrase, vault data will be PERMANENTLY INACCESSIBLE
+- **NO RECOVERY**: Removing all unlockers without having your mnemonic means losing access to all secrets forever
 
 #### `secret unlocker select <unlocker-id>`
 Selects an unlocker as the current default for operations.
@@ -274,6 +294,9 @@ echo "ssh-private-key-content" | secret add ssh/servers/web01
 secret list
 secret get database/prod/password
 secret get services/api/key
+
+# Remove a secret ⚠️ 🛑 (NO CONFIRMATION - PERMANENT!)
+secret remove ssh/servers/web01
 ```
 
 ### Multi-vault Setup
@@ -293,6 +316,9 @@ echo "personal-email-pass" | secret add email/password
 
 # List all vaults
 secret vault list
+
+# Remove a vault ⚠️ 🛑 (NO CONFIRMATION - PERMANENT!)
+secret vault remove personal --force
 ```
 
 ### Advanced Authentication
@@ -307,6 +333,21 @@ secret unlockers list
 
 # Select a specific unlocker
 secret unlocker select <unlocker-id>
+
+# Remove an unlocker ⚠️ 🛑 (NO CONFIRMATION!)
+secret unlockers remove <unlocker-id>
+```
+
+### Version Management
+```bash
+# List all versions of a secret
+secret version list database/prod/password
+
+# Promote an older version to current
+secret version promote database/prod/password 20231215.001
+
+# Remove an old version ⚠️ 🛑 (NO CONFIRMATION - PERMANENT!)
+secret version remove database/prod/password 20231214.001
 ```
 
 ### Encryption/Decryption with Age Keys