security: sanitize internal infrastructure details from open source package

- Remove production_test_sequence.sh (DAW-specific production tests)
- Remove setup_env.sh (obsolete .env setup, replaced by furt.conf)
- Sanitize test scripts: replace dragons-at-work.de with example.com
- Sanitize API keys: replace dev keys with placeholder values
- Remove hardcoded DAW fallbacks from http_server.lua and smtp.lua
- Update .gitignore to exclude production-specific test files

Tests remain functional for developers with example domains.
All internal DAW infrastructure details removed from package.

Closes #101

scripts/test_auth.sh

@@ -3,8 +3,8 @@
 # Test API-Key-Authentifizierung (ohne jq parse errors)
 
 BASE_URL="http://127.0.0.1:8080"
-HUGO_API_KEY="hugo-dev-key-change-in-production"
-ADMIN_API_KEY="admin-dev-key-change-in-production"
+HUGO_API_KEY="YOUR_API_KEY_HERE"
+ADMIN_API_KEY="YOUR_ADMIN_KEY_HERE"
 INVALID_API_KEY="invalid-key-should-fail"
 
 echo "🔐 Testing Furt API-Key Authentication"
@@ -16,24 +16,24 @@ make_request() {
     local url="$2"
     local headers="$3"
     local data="$4"
-    
+
     echo "Request: $method $url"
     if [ -n "$headers" ]; then
         echo "Headers: $headers"
     fi
-    
+
     local response=$(curl -s $method \
         ${headers:+-H "$headers"} \
         ${data:+-d "$data"} \
         -H "Content-Type: application/json" \
         "$url")
-    
+
     local status=$(curl -s -o /dev/null -w "%{http_code}" $method \
         ${headers:+-H "$headers"} \
         ${data:+-d "$data"} \
         -H "Content-Type: application/json" \
         "$url")
-    
+
     echo "Status: $status"
     echo "Response: $response" | jq '.' 2>/dev/null || echo "$response"
     echo ""