Add a Tugboat preview configuration (single-site, local-mode demo)

Add a Tugboat preview so reviewers can exercise most pdv features from a branch or MR without standing up a site. Mirrors the audit_trail Tugboat setup (.tugboat/config.yml + .tugboat/setup.php).

Scope: single-site, local mode

One environment that exercises the vault end to end without a second site:

• Enables pdv, pdv_client, pdv_test_console, and pdv_webform (plus key, consumers, webform, admin_toolbar).
• Provisions a 256-bit Master KEK (Key, config provider) and points pdv.settings:master_key_id at it.
• Grants manage own pdv vault to authenticated and creates a demo owner (owner / owner) with a couple of seeded documents.
• Creates a demo consumer for the grant / trust / consent flows.
• Replaces the front page with a guide (logins, owner vault, passphrase under Advanced, trust/grant, test console, settings, vault subjects, the Webform vault-file element).
• Rebuilds daily at 04:00 UTC.

Out of scope

• Cross-site (pdv_server_api / pdv_client over HTTP): needs a second site to be meaningful.
• Audit-trail bridge (pdv_audit_trail): its config/install ships no chain, so wiring a working chain + signing secret is non-trivial and a misconfigured audit would break vault writes at runtime. Left out by design.

Notes

• The Master KEK lives in config here (throwaway preview only); production holds it in OpenBao or Vault.
• Tugboat must also be enabled for the project in its Drupal.org settings for previews to run; the config file alone is not enough.