feat(prometheus): real providers (Gemini/fal/Pollinations…) + secure key store

- Secure secrets: gitignored ~/pyre/.env (chmod 600) loaded into the API via
  `node --env-file-if-exists`; keys never committed/logged/returned. .env.example
  documents the vars. Free-first default (text=gemini, image=pollinations).
- @pyre/config: provider selection + key fields.
- @pyre/prometheus: real providers via fetch (no SDK deps) — Gemini/Anthropic/
  OpenAI text, Pollinations(free)/fal/DeepInfra/Replicate image, OpenAI moderation;
  `createProviders()` factory selects by config + key presence, falls back to stub.
  29 tests.
- @pyre/api: /api/prometheus/generate builds providers from config; keys never logged.

Live-verified end-to-end: admin-gated generate returned a real Spawn ("Ashen
Golem"/$AGOL) with a Pollinations image on the $0 stub-text+free-image stack;
.env-loaded admin token enforced. typecheck 8/8, 150 tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

ecosystem.config.cjs

@@ -43,7 +43,9 @@ module.exports = {
       cwd: `${REPO}/apps/api`,
       script: "src/index.ts",
       interpreter: "node",
-      interpreter_args: "--import tsx",
+      // Load secrets from the gitignored ~/pyre/.env (chmod 600) if present,
+      // then register tsx. Keys never live in this committed file.
+      interpreter_args: `--env-file-if-exists=${REPO}/.env --import tsx`,
       instances: 1,
       exec_mode: "fork",
       autorestart: true,
@@ -67,7 +69,9 @@ module.exports = {
       cwd: `${REPO}/apps/worker`,
       script: "src/index.ts",
       interpreter: "node",
-      interpreter_args: "--import tsx",
+      // Load secrets from the gitignored ~/pyre/.env (chmod 600) if present,
+      // then register tsx. Keys never live in this committed file.
+      interpreter_args: `--env-file-if-exists=${REPO}/.env --import tsx`,
       instances: 1,
       exec_mode: "fork",
       autorestart: true,