Define backup restore secret handoff

2026-06-05 16:28:03 +02:00
parent 4915ecf374
commit 8de78f1636
5 changed files with 221 additions and 2 deletions


@@ -70,6 +70,8 @@ leaving live deploy and secret custody changes behind separate review gates.
drill for the relevant storage path.
- S5 app releases may consume forge artifacts, but they should cite forge
evidence rather than owning package blob backup procedures themselves.
- The detailed backup, restore, and secret custody handoff contract lives in
`docs/backup-restore-secret-handoff.md`.
## Secret Custody
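Review bot: the pointer in the new last bullet of the backup list is a bare code-span path, `docs/backup-restore-secret-handoff.md`, which renders as plain text rather than a link. Make it a relative Markdown link, ideally to the backup and restore part of that file, so a later rename or move shows up as a broken link in review instead of leaving a stale pointer. The target file is not among the lines shown here, so confirm it is one of the 5 files this commit changes.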
@@ -79,6 +81,8 @@ leaving live deploy and secret custody changes behind separate review gates.
tokens, tokenized package index URLs, or generated credential material.
- Deploy-capable files that reference encrypted values move only after review of
the SOPS/OpenBao handoff and compatibility pointers.
- Allowed and forbidden secret references are defined in
`docs/backup-restore-secret-handoff.md`.
## Observability And Evidence
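Review bot: secret-reference rules end up in two places with the last bullet of this list. The context line above it still enumerates "tokens, tokenized package index URLs, or generated credential material" inline, and the new bullet says allowed and forbidden references are defined in `docs/backup-restore-secret-handoff.md`. State in this section which document is authoritative if the two disagree, or reduce the inline enumeration to the pointer, so whoever reviews a deploy-capable file at the SOPS/OpenBao gate knows which list to check it against. This is also the second bare pointer to the same file in this document; pointing each one at the relevant section of the handoff doc would keep the two references from reading as duplicates.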