Ship structural enforcement against op item get --format json (4th credential leak, 29h after rules-only guardrail)

Context: 4 credential leaks in 4 weeks (5/12 Snowflake, 5/14 1Password, 6/10 AWS Postgres, 6/11 TigerData). The 6/10 leak ended with a 44-min ship of an AGENTS.md secret-handling section banning `op item get --reveal --format json`. I broke that rule in a slightly different shape (field discovery via `--format json`) ~29 hours later. See LEARNINGS.md 2026-06-11 23:22 UTC entry. Rules-on-paper are demonstrably insufficient. Need structural enforcement. Subtasks (atomic, ≤30 min each): 1. Build `~/bin/safe-op` wrapper: refuses `--format json` AND bare `--reveal` (without `--fields <name>`). Logs every call. 2. Verify `op item get <uuid> --fields label` behavior — does `--fields label` return only field labels (safe) or also values? If safe, document; if not, use the no-flag plaintext form which masks concealed fields with `********`. 3. Update AGENTS.md `🔐 Secret Handling` section: add a field-discovery recipe (safe pattern verified in step 2) so future-me does not reach for `--format json` again. 4. Add UUID + field names for the 4 recurring secrets I touched in the last month to MEMORY.md: AWS Postgres prod, TigerData read replica, Neon Texture Domains RO, Doppler personal token. Eliminates the need for field discovery on the items I actually use. 5. Cross-link LEARNINGS.md → AGENTS.md → MEMORY.md updates. NOT in scope: rotating the leaked TigerData credential — Sergey owns the rotation, I owe him the structural fix so this is not 4-of-N.