fix: address post-push review issues - security, resilience, and code quality

- Fix hardcoded DATABASE_URL in 4 new microservices (gpu-service, governance-service, trading-service, marketplace-service) - now use os.getenv() with SQLite fallback
- Move httpx.AsyncClient to API gateway lifespan for connection pooling
- Add 30-second timeout to API gateway proxy calls
- Move hardcoded service URLs to environment variables in API gateway (GPU_SERVICE_URL, MARKETPLACE_SERVICE_URL, etc.)
- Add cli/build/ and cli/dist/ to .gitignore and remove 42 stale build artifacts from git
- Fix version pinning conflicts in 4 new service pyproject.toml files (align with root: fastapi >=0.115.6, sqlmodel >=0.0.38, pytest >=9.0.3)
- Fix 18 remaining datetime.utcnow() calls in monitoring-service and ai-service (replace with datetime.now(timezone.utc))
- Add retries (3 attempts), authentication (Bearer token), rate limiting (100/min via slowapi), and circuit breaker to API gateway
- Add /ready and /live endpoints to 4 new microservices for production readiness/liveness probes
- Audit debug logging - confirmed no sensitive data (passwords, keys, secrets, tokens) is logged; cache keys and masked API keys are safe

.gitignore

@@ -230,6 +230,7 @@ packages/solidity/aitbc-token/node_modules/
 contracts/artifacts/
 *.dbg.json
 cli/build/
+cli/dist/
 dev/test-nodes/*.log
 
 # Local test fixtures and E2E testing