Fix vault creation to require mnemonic and set up initial unlocker

- Vault creation now prompts for mnemonic if not in environment
- Automatically creates passphrase unlocker during vault creation
- Prevents 'missing public key' error when adding secrets to new vaults
- Updates tests to reflect new vault creation flow

internal/secret/keychainunlocker.go

@@ -161,15 +161,18 @@ func (k *KeychainUnlocker) GetDirectory() string {
 
 // GetID implements Unlocker interface - generates ID from keychain item name
 func (k *KeychainUnlocker) GetID() string {
-	// Generate ID using keychain item name
-	keychainItemName, err := k.GetKeychainItemName()
+	// Generate ID in the format YYYY-MM-DD.HH.mm-hostname-keychain
+	// This matches the passphrase unlocker format
+	hostname, err := os.Hostname()
 	if err != nil {
-		// The vault metadata is corrupt - this is a fatal error
-		// We cannot continue with a fallback ID as that would mask data corruption
-		panic(fmt.Sprintf("Keychain unlocker metadata is corrupt or missing keychain item name: %v", err))
+		hostname = "unknown"
 	}
 
-	return fmt.Sprintf("%s-keychain", keychainItemName)
+	// Use the creation timestamp from metadata
+	createdAt := k.Metadata.CreatedAt
+	timestamp := createdAt.Format("2006-01-02.15.04")
+
+	return fmt.Sprintf("%s-%s-keychain", timestamp, hostname)
 }
 
 // Remove implements Unlocker interface - removes the keychain unlocker