fix(devops): enable OpenBao in Swarm and fix healthchecks

- Enable OpenBao + init sidecar in Swarm compose (was commented out)
- Fix healthcheck to accept uninitialized/sealed vault states
  (add ?uninitcode=200&sealedcode=200 to /v1/sys/health)
- Replace nc-based healthcheck with wget in dev compose
- Add ORCHESTRATOR_URL env var to API service in Swarm compose
- Uncomment OpenBao volumes in Swarm compose

The healthcheck was returning HTTP 501 for uninitialized vault,
causing Swarm to restart OpenBao before init sidecar could run.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker/docker-compose.yml

@@ -87,7 +87,14 @@ services:
     cap_add:
       - IPC_LOCK
     healthcheck:
-      test: ["CMD-SHELL", "nc -z 127.0.0.1 8200 || exit 1"]
+      test:
+        [
+          "CMD",
+          "wget",
+          "--spider",
+          "--quiet",
+          "http://127.0.0.1:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200",
+        ]
       interval: 10s
       timeout: 5s
       retries: 5