Ship docker-compose.override.example.yml + .gitignore the working override

[tayebmokni]

Summary

The recent session created a working `docker-compose.override.yml` at repo root with:

• `postgres` port override (5433 host → 5432 container)
• `admin` build-args `NEXT_PUBLIC_API_URL=""` + `GONEXT_API_URL=http://api:8080\` + entrypoint override running the standalone server directly
• Aligned auth secrets across `api`, `worker`, `migrate` (hardcoded 32-byte dev values)

The file is currently UNTRACKED. Compose auto-loads it on the maintainer's machine but a fresh clone gets none of this — admin builds against an empty URL, API boots with whatever dev secrets are in `docker-compose.dev.yml` (which differ from the override's values), sessions don't cross services.

Fix (recommended path)

1. Don't commit the override — it embeds the same secret across three services, and committing dev-only secrets sets a bad precedent.
2. Add it to .gitignore.
3. Ship a `docker-compose.override.example.yml` with the same structure but placeholder secrets and clear inline comments.
4. Add to README under "Local dev setup":
   ```
   cp docker-compose.override.example.yml docker-compose.override.yml

   edit secrets to taste, or accept defaults for dev-only.

   ```
5. Optionally fold the static (non-secret) bits — port override, build-args, entrypoint — into `docker-compose.dev.yml` so a fresh checkout works without copying.

Alternative considered

Folding the override directly into `docker-compose.dev.yml` was rejected because the dev file already ships placeholder dev secrets — adding more secrets would multiply the drift.