fix: `SERVICE_API_KEY` and `ADMIN_API_KEY` have insecure hardcoded defaults in Settings

[BigBen-7]

Description

src/config.py sets:

SERVICE_API_KEY: str = "default_service_secret_change_me"
ADMIN_API_KEY:   str = "default_admin_secret_change_me"

These are public defaults committed to the repository. Any deployment that forgets to override them in .env silently accepts these well-known strings as valid credentials — a complete authentication bypass.

Requirements & context

• Remove the default values for both fields — make them required (Field(...)) or validate at startup that they are not equal to the known bad defaults
• Add a @field_validator that rejects both keys if they match the old default strings or are shorter than 32 characters
• Update .env.example with commented-out placeholder values and a security note
• Confirm the app raises a clear ValidationError at startup if either key is missing or is the default string

Suggested execution

git checkout -b fix/insecure-default-api-keys

• Update src/config.py
• Update .env.example
• Add startup test asserting ValidationError when keys are the defaults

Guidelines

• Never log the key values — only confirm presence and minimum length
• PR must include: Closes #[issue_id]
• Timeframe: 24 hours

[Tinna23]

@Tinna23 has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

can i workon this?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Tinna23 to this issue.

[drips-wave]

Congratulations, @Tinna23! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @Tinna23: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @Tinna23 as part of the Stellar Wave Program's 3rd Wave 🥳

😎 @Tinna23: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.