fix: complete security vulnerability remediation

Critical Security Fixes:
- Fix JWT secret derivation vulnerability - replace deriveJWTSecret with cryptographically secure GenerateSecureToken
- Secure setup interface - remove JWT secret display and API response exposure
- Fix database migration 012 parameter naming conflict in mark_registration_token_used function
- Restore working Docker Compose environment variable configuration

Security Impact:
- Eliminates system-wide compromise risk from admin credential exposure
- Removes sensitive JWT secret exposure during setup process
- Ensures cryptographically secure JWT token generation
- Fixes agent registration and token creation functionality

Testing:
- Agent registration working properly
- Token consumption tracking functional
- Registration tokens created without 500 errors
- Secure JWT secret generation verified
Fimeg
2025-10-31 10:41:04 -04:00
parent 63cc7f6645
commit 3f9164c7ca
3 changed files with 7 additions and 4 deletions
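The first bullet of the commit message replaces a derived JWT secret with one produced by a function named GenerateSecureToken. As an added example that is not the project's code, and assuming the project is written in Go (the exported/unexported naming of GenerateSecureToken and deriveJWTSecret suggests it), the block below shows what a secure generator of that kind looks like: bytes from the OS CSPRNG, encoded for storage in an environment variable, plus a decode-and-check step so a truncated or hand-edited value is rejected at startup. The function bodies, the 32-byte minimum and the base64url encoding are assumptions, not taken from the repository.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// minJWTSecretBytes is the smallest HMAC key this example accepts: RFC 7518
// section 3.2 requires HS256 keys of at least 256 bits (32 bytes).
const minJWTSecretBytes = 32

// GenerateSecureToken returns n bytes from the operating system CSPRNG,
// base64url-encoded without padding so the value can sit in an environment
// variable or .env file. The name mirrors the commit message; the body is an
// assumed implementation, not the project's.
func GenerateSecureToken(n int) (string, error) {
	if n < minJWTSecretBytes {
		return "", fmt.Errorf("secret length %d bytes is below the %d-byte minimum for HS256", n, minJWTSecretBytes)
	}
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		// Never fall back to a weaker source (time, PID, admin password):
		// a failed CSPRNG read must abort setup, not degrade the secret.
		return "", fmt.Errorf("reading from CSPRNG: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// DecodeSecret reverses the encoding and re-checks the key length, so a
// configured value that was shortened by mistake is refused at startup
// instead of silently weakening every token the server signs.
func DecodeSecret(encoded string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(encoded)
	if err != nil {
		return nil, fmt.Errorf("JWT secret is not valid base64url: %w", err)
	}
	if len(raw) < minJWTSecretBytes {
		return nil, errors.New("JWT secret is shorter than 256 bits")
	}
	return raw, nil
}

func main() {
	secret, err := GenerateSecureToken(48)
	if err != nil {
		panic(err)
	}
	// The generated value belongs in server-side configuration only; per the
	// commit message it must not be shown in the setup UI or returned by an
	// API response. Only its length is printed here.
	key, err := DecodeSecret(secret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated %d-byte JWT secret (%d characters encoded)\n", len(key), len(secret))
}
```

The length check in DecodeSecret is the part most often missing: a generator that is secure at install time does not protect a deployment where the secret was later replaced by a short placeholder in docker-compose.yml.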


@@ -63,7 +63,8 @@ END;
$$ LANGUAGE plpgsql;
-- Update mark_registration_token_used function to increment seats
CREATE OR REPLACE FUNCTION mark_registration_token_used(token_input VARCHAR, agent_id_param UUID)
DROP FUNCTION IF EXISTS mark_registration_token_used(VARCHAR, UUID);
CREATE FUNCTION mark_registration_token_used(token_input VARCHAR, agent_id_param UUID)
RETURNS BOOLEAN AS $$
DECLARE
rows_updated INTEGER; -- Fixed: Changed from BOOLEAN to INTEGER to match ROW_COUNT type
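Review bot: the switch from CREATE OR REPLACE FUNCTION to DROP FUNCTION IF EXISTS mark_registration_token_used(VARCHAR, UUID) followed by CREATE FUNCTION needs a comment saying why, because the reason is not visible in the hunk: PostgreSQL's CREATE OR REPLACE refuses to change the name of an existing input parameter, which is the "parameter naming conflict" the commit message mentions, so the DROP is required rather than incidental. Two follow-ups on the same lines: DROP FUNCTION without CASCADE fails if any trigger or view depends on the function, so the migration should state that no dependents exist or add CASCADE deliberately; and unless the migration runner wraps migration 012 in a transaction, there is a window between the DROP and the CREATE in which mark_registration_token_used does not exist for concurrent agent registrations, which a BEGIN/COMMIT around the two statements closes. The preceding comment line, "-- Update mark_registration_token_used function to increment seats", still describes the original intent only; extending it with the drop-and-recreate rationale would keep the next reader out of the commit log.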