Prepare for public distribution v1.0.0

- Remove all personal data from source code (HA IP, JWT tokens)
- Move secrets to .env configuration (gitignored)
- Create .env.example template for new installations
- Add centralized env() helper, eliminate code duplication (~120 lines removed)
- Add input validation on inventory operations (quantity bounds, location whitelist)
- Remove sensitive credential exposure in API responses
- Remove database and runtime files from Git tracking
- Disable database push-to-GitHub backup (local-only backup now)
- Update .gitignore for distribution
- Add comprehensive README with installation guide
- Add CHANGELOG.md for version tracking
- Add MIT LICENSE
- Add author/license headers to all source files
- TTS defaults now empty (configured per-installation via .env)

.gitignore

@@ -1,28 +1,31 @@
-# Environment variables (secrets)
+# Environment variables (secrets — copy .env.example to .env)
 .env
 
-# SQLite WAL/SHM temp files
+# Data directory (user-specific runtime data)
+data/dispensa.db
 data/*.db-wal
 data/*.db-shm
-
-# Bring! auth token cache
+data/backups/
+data/cron.log
+data/smart_shopping_cache.json
 data/bring_token.json
 data/bring_catalog.json
-
-# DupliClick token cache
 data/dupliclick_token.json
-
-# Client debug log (runtime only)
 data/client_debug.log
 
-# SSL CA cert (local only)
-ca.crt
+# SSL certificates (local only)
+data/*.crt
+data/*.pem
+*.crt
+*.pem
 
 # OS files
 .DS_Store
 Thumbs.db
 
-# Editor
+# Editor / IDE
 *.swp
 *.swo
 *~
+.idea/
+.vscode/