feat(deploy-fly): implement real CLI-backed flyctl integration

[emil07770]

Summary

• Replace stub build() and ship() with real exec() calls to flyctl
• build(): runs flyctl deploy --build-only --app <app> with FLY_API_TOKEN env var
• ship(): runs flyctl deploy --remote-only --strategy=<strategy> --app <app> with token; supports --region flags and custom --dockerfile
• Reads token via ctx.secret('FLY_API_TOKEN'), throws descriptive error if missing
• Short-circuits on ctx.dryRun in ship()
• Parses deployed URL from flyctl stdout (https://*.fly.dev) and deployment version (v<n> deployed)
• Passes cwd: ctx.projectDir and env: { FLY_API_TOKEN } to exec for proper isolation

Test plan

• Set FLY_API_TOKEN secret: sh1pt secret set FLY_API_TOKEN <token>
• Dry-run: sh1pt ship deploy-fly --dry-run should return { id: 'dry-run' } without calling flyctl
• Build-only: sh1pt build deploy-fly should invoke flyctl deploy --build-only
• Full deploy: sh1pt ship deploy-fly should invoke flyctl deploy --remote-only --strategy=rolling and return { id, url }
• Missing token: should throw with helpful message pointing to sh1pt secret set FLY_API_TOKEN

🤖 Generated with Claude Code

[ralyodio]

Heads up — the failing vu1nz security scan check needs a workflow fix that's on master (commit b3290b8). I tried to update this branch automatically but hit merge conflicts. Could you rebase/merge master locally, resolve conflicts, and force-push? Once that's in, the CI check will go green. Thanks!