nix-cache02: add native nix forgejo runner instance

Add a second runner instance (actions-native) that executes jobs
directly on the host, giving workflows persistent nix store access
and automatic binary cache population via Harmonia.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

terraform/vault/secrets.tf

@@ -145,12 +145,17 @@ locals {
       password_length = 64
     }
 
-    # Forgejo runner token for nix-cache02
+    # Forgejo runner tokens for nix-cache02
     "hosts/nix-cache02/forgejo-runner-token" = {
       auto_generate = false
       data          = { token = var.forgejo_runner_token }
     }
 
+    "hosts/nix-cache02/forgejo-native-runner-token" = {
+      auto_generate = false
+      data          = { token = var.forgejo_native_runner_token }
+    }
+
     # Loki push authentication (used by Promtail on all hosts)
     "shared/loki/push-auth" = {
       auto_generate   = true