fix(devops): add CSRF_SECRET to all compose files

Added CSRF_SECRET to docker-compose.swarm.portainer.yml (the active
Portainer deployment) and both example compose files. Also added
ENCRYPTION_KEY to the example files where it was missing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docker/docker-compose.example.external.yml

@@ -115,6 +115,10 @@ services:
       OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
       OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
 
+      # Security
+      CSRF_SECRET: ${CSRF_SECRET}
+      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
+
   # Web app remains unchanged
   # web: (uses defaults from docker-compose.yml)
 

docker/docker-compose.example.hybrid.yml

@@ -107,4 +107,8 @@ services:
       OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
       OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
 
+      # Security
+      CSRF_SECRET: ${CSRF_SECRET}
+      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
+
   # Web and Orchestrator use defaults from docker-compose.yml