The /api/chat/daily route accepted a client-supplied userId with no
auth check. Require a verified Bearer JWT and derive the user from
the token instead. Also drop the manual openssl install and
--schema flag from the Dockerfile now that a second `prisma generate`
runs in the runner stage, and add a standard .dockerignore.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LwWLS2FYnE9ofqDF9hQFxA