Require signing_key at startup, add default config

- Add config validation: signing_key required, minimum 32 characters
- Server now fails to start without valid signing_key (no more runtime errors)
- Add config.example.yml with default whitelist hosts
- Copy config to /etc/pixa/config.yml in Docker image
- Update entrypoint to use --config /etc/pixa/config.yml
- Add config.dev.yml for local Docker development
- Mount dev config in make devserver

config.example.yml

@@ -0,0 +1,13 @@
+# Pixa configuration
+#
+# REQUIRED: Set signing_key before starting the server.
+# Generate with: openssl rand -base64 32
+
+signing_key: "CHANGE_ME_generate_with_openssl_rand_base64_32"
+
+whitelist_hosts:
+  - s3.sneak.cloud
+  - static.sneak.cloud
+  - sneak.berlin
+  - github.com
+  - user-images.githubusercontent.com