fix(api): resolve Docker startup failures (secrets, Redis, Prisma)

- Pass BETTER_AUTH_SECRET through all 6 docker-compose files to API container
- Fix BullModule to parse VALKEY_URL instead of VALKEY_HOST/VALKEY_PORT,
  matching all other Redis consumers in the codebase
- Migrate Prisma encryption from removed $use() middleware to $extends()
  client extensions (Prisma 6.x compatibility), keeping extends PrismaClient
  pattern with only account and llmProviderInstance getters overridden

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/api/src/prisma/prisma.service.spec.ts

@@ -48,10 +48,14 @@ describe("PrismaService", () => {
   });
 
   describe("onModuleInit", () => {
-    it("should connect to the database", async () => {
+    it("should connect to the database and register encryption extensions", async () => {
       const connectSpy = vi.spyOn(service, "$connect").mockResolvedValue(undefined);
-      // Mock $use to prevent middleware registration errors in tests
-      (service as any).$use = vi.fn();
+      // Mock $extends to return a mock client (extensions chain)
+      const mockExtendedClient = { account: {}, llmProviderInstance: {} };
+      vi.spyOn(service, "$extends").mockReturnValue({
+        ...mockExtendedClient,
+        $extends: vi.fn().mockReturnValue(mockExtendedClient),
+      } as never);
 
       await service.onModuleInit();