docs: document COOKIE_SECURE and OIDC_DISCOVERY_URL across all config files

Adds COOKIE_SECURE (fixes login loop on plain-HTTP setups) and the previously
undocumented OIDC_DISCOVERY_URL to .env.example, docker-compose.yml, README.md,
chart/values.yaml, chart/templates/configmap.yaml, and chart/README.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

server/src/services/cookie.ts

@@ -3,7 +3,7 @@ import { Response } from 'express';
 const COOKIE_NAME = 'trek_session';
 
 function cookieOptions(clear = false) {
-  const secure = process.env.NODE_ENV === 'production' || process.env.FORCE_HTTPS === 'true';
+  const secure = process.env.COOKIE_SECURE !== 'false' && (process.env.NODE_ENV === 'production' || process.env.FORCE_HTTPS === 'true');
   return {
     httpOnly: true,
     secure,