Sprint 5 : integration et production -- securite, performance, API publique, documentation

Backend: rate limiter, security headers, blockchain cache service avec RPC,
public API (7 endpoints read-only), WebSocket auth + heartbeat, DB connection
pooling, structured logging, health check DB. Frontend: API retry/timeout,
WebSocket auth + heartbeat + typed events, notifications toast, mobile hamburger
+ drawer, error boundary, offline banner, loading skeletons, dashboard enrichi.
Documentation: guides utilisateur complets (demarrage, vote, sanctuaire, FAQ 30+),
guide deploiement, politique securite. 123 tests, 155 fichiers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.env.example

@@ -7,14 +7,40 @@ DATABASE_URL=postgresql+asyncpg://glibredecision:change-me-in-production@localho
 # Backend
 SECRET_KEY=change-me-in-production-with-a-real-secret-key
 DEBUG=true
+
+# Environment: development, staging, production
+ENVIRONMENT=development
+
+# Logging: DEBUG, INFO, WARNING, ERROR
+LOG_LEVEL=INFO
+
+# CORS
 CORS_ORIGINS=["http://localhost:3002"]
 
+# Database connection pool
+DATABASE_POOL_SIZE=20
+DATABASE_MAX_OVERFLOW=10
+
+# Auth / Sessions
+SESSION_TTL_HOURS=24
+CHALLENGE_EXPIRE_SECONDS=300
+
+# Rate limiting (requests per minute)
+RATE_LIMIT_DEFAULT=60
+RATE_LIMIT_AUTH=10
+RATE_LIMIT_VOTE=30
+
 # Duniter V2 RPC
 DUNITER_RPC_URL=wss://gdev.p2p.legal/ws
+DUNITER_RPC_TIMEOUT_SECONDS=10
+
+# Blockchain cache TTL (seconds)
+BLOCKCHAIN_CACHE_TTL_SECONDS=3600
 
 # IPFS
 IPFS_API_URL=http://localhost:5001
 IPFS_GATEWAY_URL=http://localhost:8080
+IPFS_TIMEOUT_SECONDS=30
 
 # Frontend
 NUXT_PUBLIC_API_BASE=http://localhost:8002/api/v1