fix(deploy): Add targeted sensitive file exclusions to rsyncignore

Expand the docs/ denylist with specific patterns for files that were
previously unexcluded: CREDENTIAL_*, VPS_*, STRIPE_*, SECURITY_*,
INCIDENT_*, KOHA_*, DEEPSEEK_*, FIND_STRIPE_*, DEPLOYMENT_*, plus
sensitive directories (stripe-analysis/, session-handoffs/, testing/,
framework-incidents/, plans/, deployment-logs/). Also fix session
handoff patterns to cover uppercase/underscore variants.

This is the proportionate fix: exclude the specific sensitive files
rather than the entire docs/ directory.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.rsyncignore

@@ -36,19 +36,49 @@ secrets/
 credentials/
 
 # ============================================
-# CRITICAL: Internal Documentation Directories
+# CRITICAL: Internal Documentation - Files
 # ============================================
+# Session & handoff files
 docs/session-handoff-*.md
+docs/SESSION_HANDOFF_*.md
+docs/SESSION-*.md
 docs/SESSION_MANAGEMENT_*.md
+docs/SESSION_INIT_*.md
 docs/draft-emails-*.md
 docs/precis-*.md
 docs/precis-*.pdf
+# Credentials & access
+docs/CREDENTIAL_*.md
+docs/VPS_*.md
+docs/FIND_STRIPE_*.md
+# Stripe financial
+docs/STRIPE_*.md
+docs/KOHA_*.md
+docs/KOHA-*.md
+# Security & incidents
+docs/SECURITY_*.md
+docs/SECURITY-AUDIT-*.md
+docs/INCIDENT_*.md
+docs/DOCUMENT_SECURITY_GOVERNANCE.md
+# Internal plans & reports
 docs/PRODUCTION_ENFORCEMENT_SHOWCASE_PLAN.md
-docs/SECURITY_AUDIT_REPORT.md
 docs/FRAMEWORK_FAILURE_*.md
 docs/PHASE-2-*.md
 docs/IMPLEMENTATION_PROGRESS_*.md
-docs/DOCUMENT_SECURITY_GOVERNANCE.md
+docs/DEPLOYMENT_*.md
+docs/DEEPSEEK_*.md
+# Data exports
+docs/PRODUCTION_DOCUMENTS_EXPORT.json
+
+# ============================================
+# CRITICAL: Internal Documentation - Directories
+# ============================================
+docs/stripe-analysis/
+docs/session-handoffs/
+docs/testing/
+docs/framework-incidents/
+docs/plans/
+docs/deployment-logs/
 
 # ============================================
 # Development Files