security: remove exposed credentials from wrangler.toml

- Remove Turso auth token from version control
- Remove OpenRouter API key placeholder
- Add .gitignore to prevent future credential exposure
- Update wrangler.toml to use environment variables
- Credentials now managed via GitHub secrets

⚠️ IMPORTANT: Rotate Turso auth token immediately in dashboard

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

Author: bhunt