Security hardening: secrets, validation, Docker, and error handling

- Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed
- Load JWT SECRET_KEY from environment variable instead of hardcoded value
- Restrict CORS to explicit methods/headers instead of wildcards
- Add Pydantic Field validation (gt=0) to purchase amounts and user credentials
- Add logging to all silent exception handlers in btc.py
- Run backend and frontend Docker containers as non-root appuser
- Add .dockerignore for both backend and frontend
- Pass SECRET_KEY env var through docker-compose; add healthchecks to both services
- Update bcrypt from pinned 3.2.2 to >=4.0.0
- Capture error objects in frontend catch blocks; check admin delete response

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

btc-portfolio/frontend/src/components/AddPurchase.js

@@ -39,7 +39,8 @@ export default function AddPurchase({ onAdded }) {
       setAmountEur('');
       setPriceEur('');
       onAdded();
-    } catch {
+    } catch (err) {
+      console.error('AddPurchase network error:', err);
       setError('Network error');
     }
   };