refactor: auto-generate session key and store in database

Remove SESSION_KEY env var requirement. On first startup, a
cryptographically secure 32-byte key is generated and stored in a new
settings table. Subsequent startups load the key from the database.

- Add Setting model (key-value table) for application config
- Add Database.GetOrCreateSessionKey() method
- Session manager initializes in OnStart after database is connected
- Remove DevSessionKey constant and SESSION_KEY env var handling
- Remove prod validation requiring SESSION_KEY
- Update README: config table, Docker instructions, security notes
- Update config.yaml.example
- Update all tests to remove SessionKey references

Addresses owner feedback on issue #15.

configs/config.yaml.example

@@ -15,8 +15,6 @@ environments:
       devAdminUsername: devadmin
       devAdminPassword: devpassword
     secrets:
-      # Use default insecure session key for development
-      sessionKey: d2ViaG9va2VyLWRldi1zZXNzaW9uLWtleS1pbnNlY3VyZSE=
       # Sentry DSN - usually not needed in dev
       sentryDSN: ""
 
@@ -34,7 +32,6 @@ environments:
       devAdminUsername: ""
       devAdminPassword: ""
     secrets:
-      sessionKey: $ENV:SESSION_KEY
       sentryDSN: $ENV:SENTRY_DSN
 
 configDefaults:
@@ -47,4 +44,4 @@ configDefaults:
   metricsUsername: ""
   metricsPassword: ""
   devAdminUsername: ""
-  devAdminPassword: "" 
+  devAdminPassword: ""