refactor: replace master.key file with ENCRYPTION_KEY env var and fix k8s deployment

- Replace file-based master key (data/master.key) with ENCRYPTION_KEY env var (hex-encoded)
- App now requires ENCRYPTION_KEY to start, removing MASTER_KEY_PATH entirely
- Fix k8s: add missing gitea-assistant-data volume, replace PVC with hostPath for single-node
- Fix k8s: change qdrant from StatefulSet+PVC to Deployment+hostPath
- Add K8s Secret for ENCRYPTION_KEY injection
- Update all tests, .env.example, and documentation

.env.example

@@ -1,7 +1,7 @@
 # 应用配置
 PORT=3000
 # DATABASE_PATH=./data/assistant.db   # 可选，默认为 ./data/assistant.db
-# MASTER_KEY_PATH=./data/master.key   # 可选，默认为 ./data/master.key
+ENCRYPTION_KEY=                       # 必填，运行 openssl rand -hex 32 生成
 
 # 所有其他配置（Gitea连接、飞书通知、Webhook密钥、管理员密码、审查引擎、记忆系统等）
 # 均通过 Web 管理后台进行配置。