docs: document two-key privilege model

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

README.md

@@ -9,11 +9,14 @@ it isn't permitted to see or send mail to people it isn't permitted to contact.
 ## Getting started
 
 ```bash
-export EMCLI_KEY="$(head -c 32 /dev/urandom | base64)"   # one-time: generate & save a key
-emcli init                                                # create the DB, add your first account
-emcli doctor                                              # confirm it connects and authenticates
+export EMCLI_ADMIN_KEY="$(head -c 32 /dev/urandom | base64)"   # you (human) keep this
+export EMCLI_KEY="$(head -c 32 /dev/urandom | base64)"         # the agent launcher gets ONLY this
+emcli init                                                      # writes both wrap slots
+emcli doctor                                                    # confirm connect/auth (agent key is enough)
 ```
 
+`emcli init` needs both keys. Give the agent's orchestrator only `EMCLI_KEY`; admin commands (`account`, `whitelist`, `config`, `audit`) require `EMCLI_ADMIN_KEY` and will refuse to run without it.
+
 ## Documentation
 
 See the **[User Manual](USER-MANUAL.md)** for full setup, account configuration (including Gmail