feat: Docker self-hosting setup with migration service and auth bypass

- Fix Dockerfiles to copy pnpm-lock.yaml (frozen-lockfile compliance)
- Add migrate target to API Dockerfile using builder stage
- Add migrate service to docker-compose that runs before API starts
- Add AUTH_DISABLED env var bypass to auth middleware for dev/Docker
- Proxy /api/ from nginx to API container (no CORS needed)
- Include initial Drizzle migration (0000_colossal_colossus.sql)
- Add .env.example with all configurable variables
- Update README with Docker self-hosting instructions

Closes #7

Co-Authored-By: Paperclip <noreply@paperclip.ing>

docker-compose.yml

@@ -15,6 +15,18 @@ services:
       timeout: 5s
       retries: 5
 
+  migrate:
+    build:
+      context: .
+      dockerfile: apps/api/Dockerfile
+      target: migrate
+    environment:
+      DATABASE_URL: postgres://groombook:groombook@postgres:5432/groombook
+    depends_on:
+      postgres:
+        condition: service_healthy
+    restart: "no"
+
   api:
     build:
       context: .
@@ -23,12 +35,14 @@ services:
       - "3000:3000"
     environment:
       DATABASE_URL: postgres://groombook:groombook@postgres:5432/groombook
-      OIDC_ISSUER: http://authentik:9000
-      OIDC_AUDIENCE: groombook
-      CORS_ORIGIN: http://localhost:5173
+      AUTH_DISABLED: "true"
+      CORS_ORIGIN: http://localhost:8080
+      PORT: "3000"
     depends_on:
       postgres:
         condition: service_healthy
+      migrate:
+        condition: service_completed_successfully
 
   web:
     build: