feat: rename rails/ to tools/ and add service tool suites

Rename the `rails/` directory to `tools/` for agent discoverability —
agents frequently failed to locate helper scripts due to the non-intuitive
directory name. Add backward-compat symlink `rails/ → tools/`.

New tool suites:
- Authentik: auth-token, user-list, user-create, group-list, app-list,
  flow-list, admin-status (8 scripts)
- Coolify: team-list, project-list, service-list, service-status, deploy,
  env-set (7 scripts)
- Woodpecker: pipeline-list, pipeline-status, pipeline-trigger (3 stubs)
- GLPI: session-init, computer-list, ticket-list, ticket-create, user-list
  (6 scripts)
- Health: stack-health.sh — stack-wide connectivity check

Infrastructure:
- Shared credential loader at tools/_lib/credentials.sh
- install.sh creates symlink + chmod on tool scripts
- All ~253 rails/ path references updated across 68+ files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

tools/codex/woodpecker/codex-review.yml

@@ -0,0 +1,90 @@
+# Codex AI Review Pipeline for Woodpecker CI
+# Drop this into your repo's .woodpecker/ directory to enable automated
+# code and security reviews on every pull request.
+#
+# Required secrets:
+#   - codex_api_key: OpenAI API key or Codex-compatible key
+#
+# Optional secrets:
+#   - gitea_token: Gitea API token for posting PR comments (if not using tea CLI auth)
+
+when:
+  event: pull_request
+
+variables:
+  - &node_image "node:22-slim"
+  - &install_codex "npm i -g @openai/codex"
+
+steps:
+  # --- Code Quality Review ---
+  code-review:
+    image: *node_image
+    environment:
+      CODEX_API_KEY:
+        from_secret: codex_api_key
+    commands:
+      - *install_codex
+      - apt-get update -qq && apt-get install -y -qq jq git > /dev/null 2>&1
+
+      # Generate the diff
+      - git fetch origin ${CI_COMMIT_TARGET_BRANCH:-main}
+      - DIFF=$(git diff origin/${CI_COMMIT_TARGET_BRANCH:-main}...HEAD)
+
+      # Run code review with structured output
+      - |
+        codex exec \
+          --sandbox read-only \
+          --output-schema .woodpecker/schemas/code-review-schema.json \
+          -o /tmp/code-review.json \
+          "You are an expert code reviewer. Review the following code changes for correctness, code quality, testing, performance, and documentation issues. Only flag actionable, important issues. Categorize as blocker/should-fix/suggestion. If code looks good, say so.
+
+        Changes:
+        $DIFF"
+
+      # Output summary
+      - echo "=== Code Review Results ==="
+      - jq '.' /tmp/code-review.json
+      - |
+        BLOCKERS=$(jq '.stats.blockers // 0' /tmp/code-review.json)
+        if [ "$BLOCKERS" -gt 0 ]; then
+          echo "FAIL: $BLOCKERS blocker(s) found"
+          exit 1
+        fi
+        echo "PASS: No blockers found"
+
+  # --- Security Review ---
+  security-review:
+    image: *node_image
+    environment:
+      CODEX_API_KEY:
+        from_secret: codex_api_key
+    commands:
+      - *install_codex
+      - apt-get update -qq && apt-get install -y -qq jq git > /dev/null 2>&1
+
+      # Generate the diff
+      - git fetch origin ${CI_COMMIT_TARGET_BRANCH:-main}
+      - DIFF=$(git diff origin/${CI_COMMIT_TARGET_BRANCH:-main}...HEAD)
+
+      # Run security review with structured output
+      - |
+        codex exec \
+          --sandbox read-only \
+          --output-schema .woodpecker/schemas/security-review-schema.json \
+          -o /tmp/security-review.json \
+          "You are an expert application security engineer. Review the following code changes for security vulnerabilities including OWASP Top 10, hardcoded secrets, injection flaws, auth/authz gaps, XSS, CSRF, SSRF, path traversal, and supply chain risks. Include CWE IDs and remediation steps. Only flag real security issues, not code quality.
+
+        Changes:
+        $DIFF"
+
+      # Output summary
+      - echo "=== Security Review Results ==="
+      - jq '.' /tmp/security-review.json
+      - |
+        CRITICAL=$(jq '.stats.critical // 0' /tmp/security-review.json)
+        HIGH=$(jq '.stats.high // 0' /tmp/security-review.json)
+        if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ]; then
+          echo "FAIL: $CRITICAL critical, $HIGH high severity finding(s)"
+          exit 1
+        fi
+        echo "PASS: No critical or high severity findings"