docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.

ansible/auth_keys.yml

@@ -0,0 +1,52 @@
+---
+# SSH Authorized Keys Management
+# Deploys authorized_keys to all ubuntu hosts based on ssh_authorized_users variable
+#
+# Usage:
+#   ansible-playbook auth_keys.yml
+#
+# Override exclusive mode (removes unlisted keys):
+#   ansible-playbook auth_keys.yml -e "ssh_exclusive_mode=true"
+#
+# Target specific host:
+#   ansible-playbook auth_keys.yml --limit ariel.incus
+#
+# Variables defined in: inventory/group_vars/all/auth_keys.yml
+
+- name: Manage SSH Authorized Keys
+  hosts: ubuntu
+  become: true
+
+  tasks:
+    - name: Ensure .ssh directory exists for each user
+      ansible.builtin.file:
+        path: "/home/{{ item.name }}/.ssh"
+        state: directory
+        mode: '0700'
+        owner: "{{ item.name }}"
+        group: "{{ item.name }}"
+      loop: "{{ ssh_authorized_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+
+    - name: Deploy authorized keys (additive mode)
+      ansible.posix.authorized_key:
+        user: "{{ item.0.name }}"
+        key: "{{ item.1 }}"
+        state: present
+        exclusive: false
+      loop: "{{ ssh_authorized_users | subelements('keys') }}"
+      loop_control:
+        label: "{{ item.0.name }}: {{ item.1 | truncate(50) }}"
+      when: not ssh_exclusive_mode
+
+    - name: Deploy authorized keys (exclusive mode)
+      ansible.posix.authorized_key:
+        user: "{{ item.name }}"
+        key: "{{ item.keys | join('\n') }}"
+        state: present
+        exclusive: true
+      loop: "{{ ssh_authorized_users }}"
+      loop_control:
+        label: "{{ item.name }}"
+      when: ssh_exclusive_mode