Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.

- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
This commit is contained in:
master
2025-11-05 11:58:32 +02:00
parent 9253620833
commit 90c244948a
229 changed files with 829 additions and 589 deletions

@@ -21,7 +21,7 @@ Operate the Kubernetes admission webhook enforcing image/SBOM/attestation polici
- `docs/modules/devops/runbooks/zastava-deployment.md`
## Working Agreement
1. **Task state**: update `docs/implplan/SPRINTS.md` and local `TASKS.md` to `DOING`/`DONE` as you start or complete work.
1. **Task state**: update corresponding sprint file `docs/implplan/SPRINT_*.md` and local `TASKS.md` to `DOING`/`DONE` as you start or complete work.
2. **Surface usage**: fetch cache manifests via Surface.FS, configuration via Surface.Env, secrets via Surface.Secrets; run validators before enforcing policies.
3. **Deterministic verdicts**: avoid non-deterministic data in admission responses; include explain traces referencing evidence IDs.
4. **Security**: enforce mTLS, Authority OpTok scopes, and tenant context; audit all allow/deny decisions.
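Review bot: In the new step 1 of the Working Agreement, `SPRINT_*.md` is a glob, so "corresponding sprint file" leaves the reader to guess which file to update. State how the file is identified (for example, the sprint file that lists the task) and add the missing article: "update the corresponding sprint file". The commit message also gives the path as `/docs/implplan/SPRINT_*.md` with a leading slash, while this line uses `docs/implplan/SPRINT_*.md`; settle on one form so the wording is identical across the AGENTS.md files touched by this change.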