feat(workspace): full server + sync implementation, all tests green

- solitaire_server: Axum auth, sync push/pull, leaderboard, daily
  challenge, account deletion, JWT middleware, rate limiting via
  tower_governor, SQLite migrations, health endpoint
- solitaire_server: expose build_test_router (no rate limiting) so
  integration tests work without a peer IP in oneshot requests
- solitaire_sync: SyncPayload, merge logic, shared API types
- solitaire_data: SyncProvider trait, LocalOnlyProvider,
  SolitaireServerClient, auth_tokens keyring integration, blanket
  Box<dyn SyncProvider> impl
- solitaire_data/settings: derive Default on SyncBackend (clippy fix)
- .sqlx/: offline query cache so server compiles without a live DB
- sqlx: removed non-existent "offline" feature flag
- keyring v2: fixed Entry::new() returning Result<Entry>
- sqlx 0.8: all SQLite TEXT columns wrapped in Option<T>
- Integration tests: max_connections(1) on in-memory pool so all
  connections share the same schema

All 191 tests pass; cargo clippy -D warnings clean.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.env.example

@@ -1,4 +1,16 @@
-DATABASE_URL=sqlite://solitaire.db
-JWT_SECRET=replace_with_64_char_hex_from_openssl_rand_hex_32
+# Copy to .env and fill in the values before running docker compose up.
+
+# SQLite database path inside the container.
+# When using docker-compose, leave as-is — the volume handles persistence.
+DATABASE_URL=sqlite:///data/solitaire.db
+
+# HS256 signing secret for JWT tokens.
+# Generate with: openssl rand -hex 32
+JWT_SECRET=replace_me_with_a_64_char_hex_secret
+
+# TCP port the server listens on inside the container.
 SERVER_PORT=8080
-ADMIN_USERNAME=admin
+
+# Public domain name used by Caddy for automatic HTTPS.
+# Example: solitaire.example.com
+SOLITAIRE_DOMAIN=solitaire.example.com