terraform: auto-generate backup password instead of manual

Remove backup_helper_secret variable and switch shared/backup/password
to auto_generate. New password will be added alongside existing restic
repository key.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

terraform/vault/secrets.tf

@@ -51,10 +51,10 @@ locals {
       password_length = 32
     }
 
-    # Shared backup password
+    # Shared backup password (auto-generated, add alongside existing restic key)
     "shared/backup/password" = {
-      auto_generate = false
-      data          = { password = var.backup_helper_secret }
+      auto_generate   = true
+      password_length = 32
     }
 
     # NATS NKey for alerttonotify

terraform/vault/variables.tf

@@ -16,12 +16,6 @@ variable "vault_skip_tls_verify" {
   default     = true
 }
 
-variable "backup_helper_secret" {
-  description = "Backup helper password (shared across hosts)"
-  type        = string
-  sensitive   = true
-}
-
 variable "nats_nkey" {
   description = "NATS NKey for alerttonotify"
   type        = string