stem95su: scheduled Drive->site sync CronJob (every 10m)

CronJob stem95su-gdrive-sync (*/10) mounts the content PVC RW and
rclone-syncs the read-only Drive folder "claude" (stem claude/files) onto
it (rclone/rclone:1.74.3, scope=drive.readonly, empty-source guard +
--max-delete 25). ESO ExternalSecret stem95su-rclone <- Vault
secret/stem95su. Requires the GCP OAuth app published to Production or the
refresh token expires ~weekly.

Lands the gdrive-sync stack on master (it had landed on a feature branch
by accident on the shared devvm checkout).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

scripts/stop_storage_services.sh

@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-# Stop services that may become in a corrupted state if storage is suddenly disconnected
-
-
-set -euxo pipefail
-
-function scale() { kubectl scale deployment --replicas=$3 --namespace $1 $2; }
-
-### ============================
-### MAIN
-### ============================
-cmd="${1:-stop}"
-case "$cmd" in
-  stop)
-    scale redis redis 0
-    scale uptime-kuma uptime-kuma 0
-    scale paperless-ngx paperless-ngx 0
-    scale vaultwarden vaultwarden 0
-    scale immich immich-postgresql 0
-    scale nextcloud nextcloud 0
-    scale monitoring prometheus-server 0
-
-    scale technitium technitium 0
-    scale dbaas mysql 0
-    scale dbaas postgresql 0
-    ;;
-  start)
-    scale dbaas mysql 1
-    scale dbaas postgresql 1
-    scale technitium technitium 1
-    scale immich immich-postgresql 1
-    scale nextcloud nextcloud 1
-    scale paperless-ngx paperless-ngx 1
-    scale monitoring prometheus-server 1
-    scale redis redis 1
-    scale uptime-kuma uptime-kuma 1
-    scale vaultwarden vaultwarden 1
-    ;;
-    # echo "[!] Cleanup only removes links (not flushing all iptables to avoid surprises)."
-    # ip netns list | grep -qw "$NS_NAME" && sudo ip netns del "$NS_NAME" || true
-    # has_link "$HOST_VETH" && sudo ip link del "$HOST_VETH" || true
-    # ;;
-  *)
-    echo "Usage: $0 [stop|start]"
-    exit 1
-    ;;
-esac