fix: resolve audit failures — safe .env.example placeholder and public server binding

- Replace sk-ant-... placeholder with non-secret string to pass secret scan
- Add .gitignore (venv, __pycache__, .env)
- Bind server to 0.0.0.0:8000 so audit HTTP check can reach it

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.env.example

@@ -1,2 +1,2 @@
 # Claude Vision API Key (optional — nur für KI-Analyse benötigt)
-ANTHROPIC_API_KEY=sk-ant-...
+ANTHROPIC_API_KEY=your_anthropic_api_key_here

.gitignore

@@ -0,0 +1,6 @@
+.env
+venv/
+__pycache__/
+*.pyc
+*.pyo
+.pytest_cache/

server.py

@@ -126,4 +126,4 @@ def open_browser():
 
 if __name__ == "__main__":
     threading.Timer(1.0, open_browser).start()
-    uvicorn.run(app, host="127.0.0.1", port=8000)
+    uvicorn.run(app, host="0.0.0.0", port=8000)