fix: remove all default credentials (#2)

- Gateway: admin user seeded from ADMIN_USERNAME/ADMIN_PASSWORD env vars
  (no more hardcoded admin/admin). Warns if not set.
- Trips: USERNAME/PASSWORD env vars no longer default to admin/admin.
  Warns if not set.
- Fitness: user seed requires USER{n}_USERNAME/PASSWORD env vars.
  No more "changeme" fallback. Skips seed if not set.
- /api/auth/register remains disabled (403)

Closes #2

gateway/database.py

@@ -122,13 +122,20 @@ def init_db():
         conn.commit()
         print("[Gateway] Added budget app")
 
-    # Seed default admin user if empty
+    # Seed admin user from env vars if no users exist
+    import os
     user_count = c.execute("SELECT COUNT(*) FROM users").fetchone()[0]
     if user_count == 0:
-        pw_hash = bcrypt.hashpw("admin".encode(), bcrypt.gensalt()).decode()
-        c.execute("INSERT INTO users (username, password_hash, display_name) VALUES (?, ?, ?)",
-                  ("admin", pw_hash, "Yusuf"))
-        conn.commit()
-        print("[Gateway] Created default user: admin / admin")
+        admin_user = os.environ.get("ADMIN_USERNAME")
+        admin_pass = os.environ.get("ADMIN_PASSWORD")
+        admin_name = os.environ.get("ADMIN_DISPLAY_NAME", "Admin")
+        if not admin_user or not admin_pass:
+            print("[Gateway] WARNING: No users exist and ADMIN_USERNAME/ADMIN_PASSWORD not set. Create a user manually.")
+        else:
+            pw_hash = bcrypt.hashpw(admin_pass.encode(), bcrypt.gensalt()).decode()
+            c.execute("INSERT INTO users (username, password_hash, display_name) VALUES (?, ?, ?)",
+                      (admin_user, pw_hash, admin_name))
+            conn.commit()
+            print(f"[Gateway] Created admin user: {admin_user}")
 
     conn.close()