security: remove all hardcoded API keys, require from environment

docs/reports/AITBC_PAYMENT_ARCHITECTURE.md

@@ -98,7 +98,7 @@ CREATE TABLE job_payments (
 ### 1. Client Creates Job
 ```bash
 curl -X POST http://localhost:18000/v1/jobs \
-  -H "X-Api-Key: REDACTED_CLIENT_KEY" \
+  -H "X-Api-Key: ${CLIENT_API_KEY}" \
   -H "Content-Type: application/json" \
   -d '{
     "payload": {
@@ -124,7 +124,7 @@ curl -X POST http://localhost:18000/v1/jobs \
 ### 3. Job Completion & Payment Release
 ```bash
 curl -X POST http://localhost:18000/v1/payments/pay456/release \
-  -H "X-Api-Key: REDACTED_CLIENT_KEY" \
+  -H "X-Api-Key: ${CLIENT_API_KEY}" \
   -d '{"job_id": "abc123", "reason": "Job completed"}'
 ```
 

docs/reports/INTEGRATION_TEST_FIXES.md

@@ -22,7 +22,7 @@
 
 ### 4. Missing API Keys
 - **Problem**: Some requests were missing the required `X-Api-Key` header
-- **Solution**: Added `X-Api-Key: REDACTED_CLIENT_KEY` to all requests
+- **Solution**: Added `X-Api-Key: ${CLIENT_API_KEY}` to all requests
 
 ### 5. Non-existent Endpoints
 - **Problem**: Tests were calling endpoints that don't exist (e.g., `/v1/jobs/{id}/complete`)

docs/reports/TESTING_STATUS_REPORT.md

@@ -112,9 +112,9 @@ python -m pytest -m integration
 
 ### Authentication Issues?
 - Use correct API keys:
-  - Client: `REDACTED_CLIENT_KEY`
-  - Miner: `REDACTED_MINER_KEY`
-  - Admin: `REDACTED_ADMIN_KEY`
+  - Client: `${CLIENT_API_KEY}`
+  - Miner: `${MINER_API_KEY}`
+  - Admin: `${ADMIN_API_KEY}`
 
 ## 📝 Next Steps