Edit Issue #729
Description
## Problem

Production uses Vault sidecar injection in K8s:

- vault.hashicorp.com/agent-inject annotations
- Secrets written to /vault/secrets/db
- ConfigMap mounted at /etc/highway/config.ini

Docker-compose cannot use Vault sidecar. Need alternative approach.

## Solution Options

### Option A: Vault dev mode container

- Run Vault in dev mode as docker-compose service
- Pre-seed with dev secrets
- Workers/API connect to local Vault

### Option B: Environment variable override (RECOMMENDED)

- Create docker/dev.env with all secrets as env vars
- Modify engine/config.py to support env var fallback
- Example:

```
POSTGRES_PASSWORD=devpassword
JWT_SECRET_KEY=devsecret
VAULT_TOKEN_DEFAULT=devtoken
```

### Option C: .secrets file

- Mount a local .secrets file instead of Vault injection
- Same format as /vault/secrets/db

## Implementation

1. Modify engine/config.py to check ENV vars before Vault
2. Create docker/dev.env.example (git tracked, no real secrets)
3. Create docker/dev.env (git ignored, real dev secrets)
4. Update docker-compose.dev.yml to load env_file

## Key overrides needed:

- POSTGRES_PASSWORD
- JWT_SECRET_KEY
- VAULT_TOKEN_* (admin, demo, default, platform, test)
- DEEPSEEK_API_KEY (optional for dev)
- SMTP credentials (optional)

## Parent: #726
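
An added sketch of the env-before-Vault lookup from implementation step 1 (not the project's engine/config.py): it records where each secret came from, so a dev override that shadows a Vault-injected value is visible at startup. It assumes /vault/secrets/db holds KEY=VALUE lines and that the token variables follow the VAULT_TOKEN_DEFAULT naming; the function names are hypothetical.

```python
import os
from pathlib import Path

# Path named in the issue; the KEY=VALUE file format is an assumption.
VAULT_SECRETS_FILE = Path("/vault/secrets/db")
# Token names extrapolated from VAULT_TOKEN_DEFAULT (assumption).
TENANTS = ("ADMIN", "DEMO", "DEFAULT", "PLATFORM", "TEST")
REQUIRED = ["POSTGRES_PASSWORD", "JWT_SECRET_KEY"] + [f"VAULT_TOKEN_{t}" for t in TENANTS]
OPTIONAL = ["DEEPSEEK_API_KEY"]


def parse_secrets_file(path):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    secrets = {}
    if not path.is_file():
        return secrets
    for raw in path.read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        secrets[key.strip()] = value.strip()
    return secrets


def load_secrets(environ=None, secrets_file=VAULT_SECRETS_FILE):
    """Return (values, sources); env vars win over the Vault-injected file."""
    environ = os.environ if environ is None else environ
    from_file = parse_secrets_file(Path(secrets_file))
    values, sources, missing = {}, {}, []
    for key in REQUIRED + OPTIONAL:
        env_value = environ.get(key)
        if env_value:  # an empty string counts as unset
            values[key] = env_value
            # Flag overrides that hide a value Vault also provides.
            sources[key] = "env-over-vault" if key in from_file else "env"
        elif key in from_file:
            values[key], sources[key] = from_file[key], "vault-file"
        elif key in REQUIRED:
            missing.append(key)
    if missing:
        # Fail closed, naming keys only; secret values are never printed.
        raise RuntimeError("missing required secrets: " + ", ".join(missing))
    return values, sources
```

Log the keys whose source is `env-over-vault` at startup, never the values.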