feat: Operational hardening — healthcheck, config refactor, requirements lock

- Add GET /health route (DB + Redis ping, 200/503) with Dockerfile HEALTHCHECK directive
- Replace config.py stub with real pydantic BaseSettings reading directly from env vars;
  remove external config file mount from docker-compose
- Add requirements.lock (pip freeze snapshot for bit-identical builds)
- Untrack config.py globally but allow app/config.py via .gitignore negation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

requirements.lock

@@ -0,0 +1,80 @@
+aiofiles==25.1.0
+annotated-doc==0.0.4
+annotated-types==0.7.0
+anyio==4.12.0
+argon2-cffi==25.1.0
+argon2-cffi-bindings==25.1.0
+certifi==2025.11.12
+cffi==2.0.0
+charset-normalizer==3.4.5
+click==8.3.1
+Deprecated==1.3.1
+dnspython==2.8.0
+email-validator==2.3.0
+et_xmlfile==2.0.0
+fastapi==0.115.5
+fastapi-cli==0.0.20
+fastapi-cloud-cli==0.8.0
+fastar==0.8.0
+greenlet==3.3.2
+gunicorn==23.0.0
+h11==0.16.0
+hiredis==3.3.0
+html2text==2025.4.15
+httpcore==1.0.9
+httptools==0.7.1
+httpx==0.28.1
+idna==3.11
+itsdangerous==2.2.0
+Jinja2==3.1.6
+markdown-it-py==4.0.0
+MarkupSafe==3.0.3
+mdurl==0.1.2
+mysqlclient==2.2.8
+numpy==2.4.3
+openpyxl==3.1.5
+orjson==3.11.5
+packaging==25.0
+pandas==3.0.1
+passlib==1.7.4
+pdf2image==1.17.0
+pillow==12.1.1
+pycparser==3.0
+pydantic==1.10.26
+pydantic-extra-types==2.10.6
+pydantic-settings==2.12.0
+pydantic_core==2.41.5
+Pygments==2.19.2
+PyJWT==2.11.0
+pyparsing==3.3.2
+python-dateutil==2.9.0.post0
+python-dotenv==1.2.1
+python-multipart==0.0.21
+pytz==2026.1.post1
+PyYAML==6.0.3
+qrcode==8.2
+redis==7.3.0
+requests==2.32.5
+rfc3986==2.0.0
+rich==14.2.0
+rich-toolkit==0.17.1
+rignore==0.7.6
+sentry-sdk==2.48.0
+shellingham==1.5.4
+six==1.17.0
+sniffio==1.3.1
+SQLAlchemy==1.4.52
+starlette==0.41.3
+stripe==14.4.1
+typer==0.21.0
+typing-inspection==0.4.2
+typing_extensions==4.15.0
+ujson==5.11.0
+urllib3==2.6.2
+uvicorn==0.40.0
+uvloop==0.22.1
+Wand==0.7.0
+watchfiles==1.1.1
+websockets==15.0.1
+wrapt==2.1.2
+xlrd==2.0.2