feat: add Supabase auth config to production Docker setup

- Pass SUPABASE_JWT_SECRET to backend in docker-compose.prod.yml
- Add build args (VITE_API_URL, VITE_SUPABASE_URL, VITE_SUPABASE_ANON_KEY)
  to Dockerfile.prod so Vite inlines them at build time
- Pass build args from secrets in deploy workflow
- Add build section to frontend service in docker-compose.prod.yml

No GoTrue container needed in prod — Supabase Cloud hosts the auth
service. The backend only needs the JWT secret to verify tokens.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontend/Dockerfile.prod

@@ -8,6 +8,11 @@ COPY package*.json ./
 RUN npm ci
 
 COPY . .
+
+ARG VITE_API_URL
+ARG VITE_SUPABASE_URL
+ARG VITE_SUPABASE_ANON_KEY
+
 RUN npm run build
 
 # Stage 2: Serve