process.exit(1) when ENCRYPTION_KEY is unset was a breaking change for
existing installs — a plain git pull would prevent the server from
starting.
Replace with a three-step fallback:
1. ENCRYPTION_KEY env var (explicit, takes priority)
2. data/.jwt_secret (existing installs: encrypted data stays readable
after upgrade with zero manual intervention)
3. data/.encryption_key auto-generated on first start (fresh installs)
A warning is logged when falling back to the JWT secret so operators
are nudged toward setting ENCRYPTION_KEY explicitly.
Update README env table and Docker Compose comment to reflect that
ENCRYPTION_KEY is recommended but no longer required.
871bfd7dfd