refactor: move environment variables to runtime for secure containerized builds

Change from $env/static/private to $env/dynamic/private for all
environment variables. This allows building in CI without embedding
secrets in build artifacts, while keeping secrets secure on the server
at runtime.

Changes:
- Refactor auth configuration to use dynamic env vars
- Move database connection string to runtime
- Update image API routes to read IMAGE_DIR at runtime
- Add .env.example for documentation

This enables the containerized build workflow to succeed without
requiring a .env file during build, as secrets are only needed when
the application starts on the server.

src/utils/db.ts

@@ -1,5 +1,5 @@
 import mongoose from 'mongoose';
-import { MONGO_URL } from '$env/static/private';
+import { env } from '$env/dynamic/private';
 
 let isConnected = false;
 
@@ -17,7 +17,7 @@ export const dbConnect = async () => {
       socketTimeoutMS: 45000, // Close sockets after 45 seconds of inactivity
     };
 
-    const connection = await mongoose.connect(MONGO_URL ?? '', options);
+    const connection = await mongoose.connect(env.MONGO_URL ?? '', options);
     
     isConnected = true;
     console.log('MongoDB connected with persistent connection');