
[auto-fix] security: remove hardcoded database credentials from appsettings.json#14

Draft
github-actions[bot] wants to merge 1 commit into main from fix/remove-hardcoded-db-credentials-6e77e926f9211389

Conversation

@github-actions

Implements the #1 priority improvement from weekly improvements issue #13.

What was changed

| File | Change |
| --- | --- |
| Beam.Server/appsettings.json | Replaced plaintext SQL Server password with `REPLACE_WITH_USER_SECRET_OR_ENV_VAR` placeholder |
| Beam.Server/Beam.Server.csproj | Added `<UserSecretsId>beam-server-dev</UserSecretsId>` to enable .NET User Secrets |
| .gitignore | Added `appsettings.Production.json` and `appsettings.Staging.json` to prevent future credential commits |

Why

appsettings.json contained a plaintext SQL Server password committed directly to source control. Any developer with read access (or anyone who ever cloned the repo) has that credential. This is the highest-priority security issue in the codebase.

⚠️ Required manual action

The committed password must be treated as compromised and rotated immediately. This PR removes the credential from future commits but cannot remove it from git history.

To fully remediate:

  1. Rotate the database password on the SQL Server instance.
  2. Optionally rewrite git history with git filter-repo or BFG Repo-Cleaner to remove the old credential from all past commits.

Local development setup (after merging)

```
cd Beam.Server
dotnet user-secrets set "ConnectionStrings:DefaultConnection" "Data Source=sql;Initial Catalog=Beam;Integrated Security=False;User ID=sa;Password=<new-password>"
```

Production / CI setup

Inject the connection string as an environment variable — ASP.NET Core picks it up automatically:

```
ConnectionStrings__DefaultConnection=<value>
```

Review checklist

  • Rotate the database password before or immediately after merging
  • Verify local development works with user secrets
  • Confirm CI/CD pipeline injects ConnectionStrings__DefaultConnection as an environment variable

Closes #13

Generated by Implement Top Priority Improvement

- Replace plaintext SQL Server password in appsettings.json with a
  placeholder string that fails loudly if used accidentally
- Add UserSecretsId to Beam.Server.csproj to enable .NET User Secrets
  for local development (dotnet user-secrets set ...)
- Update .gitignore to block appsettings.Production.json and
  appsettings.Staging.json from being committed, preventing future
  credential leaks via environment-specific settings files

The committed password should be treated as compromised and rotated.
For local dev, supply the real connection string via user secrets:
  cd Beam.Server
  dotnet user-secrets set "ConnectionStrings:DefaultConnection" "<real-conn-string>"
For production/CI, use an environment variable:
  ConnectionStrings__DefaultConnection=<value>

Closes #13

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
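A CI or pre-commit check for the change described in the PR description and commit message above, as an added example (not code from the PR or from the Beam project): it parses appsettings*.json files, flags any connection string whose Password= or Pwd= value is neither empty nor the PR's REPLACE_WITH_USER_SECRET_OR_ENV_VAR placeholder, accepts Windows-integrated authentication, and shows the ConnectionStrings:Name to ConnectionStrings__Name mapping the PR relies on for environment variables. The file paths and JSON contents are constructed sample input, not files from the repository.

```python
"""Scan ASP.NET Core appsettings*.json files for plaintext database credentials.

Added example, not part of the PR. It fails (exit code 1) when any entry in
the ConnectionStrings section carries a real Password=/Pwd= value, so the
placeholder the PR introduces, or a missing value, is the only state that
passes in a committed file.
"""
import json

# Placeholder name taken from the PR; anything else in a Password= field is a finding.
PLACEHOLDER = "REPLACE_WITH_USER_SECRET_OR_ENV_VAR"
# Keys SQL Server connection strings use for the password (case-insensitive).
SECRET_KEYS = ("password", "pwd")


def parse_connection_string(conn):
    """Split 'Key=Value;Key2=Value2' into a dict with lower-cased keys.

    Segments without '=' are ignored; surrounding quotes on values are removed.
    """
    pairs = {}
    for segment in conn.split(";"):
        if "=" not in segment:
            continue
        key, _, value = segment.partition("=")
        pairs[key.strip().lower()] = value.strip().strip("\"'")
    return pairs


def find_plaintext_passwords(settings):
    """Return [(config key, message)] for each connection string embedding a real password.

    The placeholder and empty values are accepted; connection strings using
    Integrated Security carry no password key and therefore produce no finding.
    """
    findings = []
    for name, conn in settings.get("ConnectionStrings", {}).items():
        if not isinstance(conn, str):
            continue
        pairs = parse_connection_string(conn)
        for key in SECRET_KEYS:
            value = pairs.get(key, "")
            if value and value != PLACEHOLDER:
                findings.append((f"ConnectionStrings:{name}", f"plaintext {key} committed"))
    return findings


def env_var_name(config_key):
    """Map a config key to ASP.NET Core's environment-variable form.

    'ConnectionStrings:DefaultConnection' -> 'ConnectionStrings__DefaultConnection'
    """
    return config_key.replace(":", "__")


def scan_files(files):
    """files: mapping of path -> JSON text. Returns {path: findings} for paths with findings."""
    report = {}
    for path, text in files.items():
        findings = find_plaintext_passwords(json.loads(text))
        if findings:
            report[path] = findings
    return report


# Constructed sample input: a 'before' file with committed passwords and the
# PR's 'after' state with the placeholder plus an integrated-auth entry.
SAMPLE_FILES = {
    "before/appsettings.json": json.dumps({
        "ConnectionStrings": {
            "DefaultConnection": "Data Source=sql;Initial Catalog=Beam;"
                                 "Integrated Security=False;User ID=sa;Password=hunter2",
            "LegacyConnection": "Server=sql;Database=Legacy;Uid=app;Pwd=legacy-pass",
        }
    }),
    "after/appsettings.json": json.dumps({
        "ConnectionStrings": {
            "DefaultConnection": "Data Source=sql;Initial Catalog=Beam;"
                                 "Integrated Security=False;User ID=sa;Password=" + PLACEHOLDER,
        }
    }),
    "after/appsettings.Development.json": json.dumps({
        "ConnectionStrings": {
            "Reporting": "Server=sql;Database=BeamReports;Integrated Security=True",
        }
    }),
}


if __name__ == "__main__":
    report = scan_files(SAMPLE_FILES)
    for path, findings in report.items():
        for key, message in findings:
            print(f"{path}: {key}: {message}; supply it via {env_var_name(key)} or user secrets")
    raise SystemExit(1 if report else 0)
```

Run it as a pre-commit hook or CI step over the checked-in appsettings*.json files (replacing SAMPLE_FILES with the real file contents); a non-zero exit blocks the commit, which is the "fails loudly" property the commit message asks the placeholder to provide.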
Linked issue (closed by this PR): Weekly Improvements: Weekly Code Health — Top 3 Improvements (2026-04-22)