fix: require ANTHROPIC_API_KEY for Claude Code auth in VNC container

Browser-based OAuth login does not work inside the VNC session because
the OAuth redirect callback cannot reach back into the container. The
solution is to set ANTHROPIC_API_KEY in the Kubernetes secret — when
this env var is present, Claude Code skips browser auth entirely.

Changes:
- init-repo.sh: warn clearly at startup if ANTHROPIC_API_KEY is unset
- values.yaml: document ANTHROPIC_API_KEY in the envSecretName comment
- VARIABLES.md: add ANTHROPIC_API_KEY entry and update secret template

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/init-repo.sh

@@ -59,6 +59,13 @@ chown -R "$RUN_UID:$RUN_GID" "$WORKSPACE_DIR"
 mkdir -p "$HOME"
 chown "$RUN_UID:$RUN_GID" "$HOME"
 
+# Warn if ANTHROPIC_API_KEY is not set — browser-based Claude login won't work in VNC
+if [ -z "$ANTHROPIC_API_KEY" ]; then
+    echo "WARNING: ANTHROPIC_API_KEY is not set."
+    echo "  Claude Code cannot authenticate via browser inside this container."
+    echo "  Add ANTHROPIC_API_KEY to your Kubernetes secret to enable Happy Coder."
+fi
+
 # Start Happy Coder daemon
 echo "Starting Happy Coder..."
 cd "$WORKSPACE_DIR"