fix: self-service signup, unified key store, persistent data volume

- Added /v1/signup/free endpoint for instant API key provisioning
- Built unified key store (services/keys.ts) with file-based persistence
- Refactored auth middleware to use key store (no more hardcoded env keys)
- Refactored usage middleware to check key tier from store
- Updated billing to use key store for Pro key provisioning
- Landing page: replaced mailto: link with signup modal
- Landing page: Pro checkout button now properly calls /v1/billing/checkout
- Added Docker volume for persistent key storage
- Success page now renders HTML instead of raw JSON
- Tested: signup → key → PDF generation works end-to-end

src/middleware/auth.ts

@@ -1,8 +1,5 @@
 import { Request, Response, NextFunction } from "express";
-
-const API_KEYS = new Set(
-  (process.env.API_KEYS || "test-key-123").split(",").map((k) => k.trim())
-);
+import { isValidKey, getKeyInfo } from "../services/keys.js";
 
 export function authMiddleware(
   req: Request,
@@ -15,9 +12,11 @@ export function authMiddleware(
     return;
   }
   const key = header.slice(7);
-  if (!API_KEYS.has(key)) {
+  if (!isValidKey(key)) {
     res.status(403).json({ error: "Invalid API key" });
     return;
   }
+  // Attach key info to request for downstream use
+  (req as any).apiKeyInfo = getKeyInfo(key);
   next();
 }