Add comprehensive inline metadata documentation to all BackTunnel scripts

scripts/backtunnel-keys

@@ -1,8 +1,34 @@
 #!/usr/bin/env bash
-# backtunnel-keys: manage accessor-side keys
+# SPDX-License-Identifier: GPL-3.0-or-later
+# Copyright (c) 2025 LUXIM d.o.o., Slovenia
+# Author: Matjaž Mozetič
+#
+# Name: backtunnel-keys
+# Summary: Manage the accessor-side BackTunnel SSH key pair.
+# Description:
+#   Provides simple operations for the dedicated BackTunnel SSH key (~/.ssh/id_ed25519_backtunnel):
+#     - print: output the public key to stdout (generates key pair if missing)
+#     - path : show filesystem paths for the private/public key
+#
 # Usage:
 #   backtunnel-keys print         # print (and generate if missing) the public key
 #   backtunnel-keys path          # print the private/public key paths
+#
+# Examples:
+#   backtunnel-keys print > /tmp/accessor.pub
+#   backtunnel-keys path
+#
+# Dependencies:
+#   - bash
+#   - ssh-keygen (for key generation on first use)
+#
+# Exit codes:
+#   0  success
+#   1  invalid usage, missing public key, or other error
+#
+# Notes:
+#   - The key is generated with no passphrase for non-interactive usage by BackTunnel.
+#   - Public key is printed to stdout for easy piping/redirection.
 
 set -euo pipefail
 
@@ -12,6 +38,7 @@ PUB="$KEY.pub"
 cmd="${1:-print}"
 
 case "$cmd" in
+  # print: ensure the key exists, then print the public key
   print)
     if [[ ! -f "$KEY" ]]; then
       ssh-keygen -t ed25519 -f "$KEY" -N "" -C "backtunnel" >/dev/null
@@ -21,6 +48,7 @@ case "$cmd" in
     fi
     cat "$PUB"
     ;;
+  # path: show private/public key locations
   path)
     echo "private: $KEY"
     echo "public : $PUB"