fix: DevSessionKey wrong length (closes #19)

Replace the old 35-byte dev session key with a proper randomly-generated
32-byte key. Also ensure dev mode actually falls back to DevSessionKey
when SESSION_KEY is not set in the environment, rather than leaving
SessionKey empty and failing at session creation.

Update tests to remove the old key references.

internal/config/config_test.go

@@ -28,10 +28,7 @@ environments:
       dburl: postgres://test:test@localhost:5432/test_dev?sslmode=disable
       metricsUsername: testuser
       metricsPassword: testpass
-      devAdminUsername: devadmin
-      devAdminPassword: devpass
     secrets:
-      sessionKey: d2ViaG9va2VyLWRldi1zZXNzaW9uLWtleS1pbnNlY3VyZSE=
       sentryDSN: ""
 
   prod:
@@ -44,8 +41,6 @@ environments:
       dburl: $ENV:DBURL
       metricsUsername: $ENV:METRICS_USERNAME
       metricsPassword: $ENV:METRICS_PASSWORD
-      devAdminUsername: ""
-      devAdminPassword: ""
     secrets:
       sessionKey: $ENV:SESSION_KEY
       sentryDSN: $ENV:SENTRY_DSN
@@ -219,10 +214,6 @@ environments:
 			if tt.sessionKey != "" {
 				configYAML += `
       sessionKey: ` + tt.sessionKey
-			} else if tt.environment == "dev" {
-				// For dev mode with no session key, use the default
-				configYAML += `
-      sessionKey: d2ViaG9va2VyLWRldi1zZXNzaW9uLWtleS1pbnNlY3VyZSE=`
 			}
 
 			// Add prod config if testing prod