feat(livekit): rotate secret + hardcode external_ip + expand UDP range + hygiene

- Rotate API key/secret (previously exposed in agent session, issue 0169)
- Hardcode node_ip + disable use_external_ip (kill Google STUN leak, issue 0167)
- Expand UDP range 50000-50200 -> 50000-50500 (capacity, issue 0168)
- Refresh livekit.example.yaml template + add *.bak.* to gitignore (issue 0170)

Note: live secrets in configs/livekit/livekit.yaml + .env (gitignored)
docker-compose.livekit.yml has pre-existing operator TURN changes (issue 0166) left untouched.

.gitignore

@@ -50,3 +50,4 @@ mas/keys/*
 
 element-call
 
+*.bak.*

configs/livekit/livekit.example.yaml

@@ -5,13 +5,16 @@ port: 7880
 bind_addresses:
   - "0.0.0.0"
 log_level: info
-region: "us-east-1"
+region: "REGION_PLACEHOLDER"
 
 rtc:
   tcp_port: 7881
   port_range_start: 50000
-  port_range_end: 50200
-  use_external_ip: true
+  port_range_end: 50500
+  # Set use_external_ip to false and hardcode node_ip to your public IPv4 to
+  # prevent LiveKit from probing Google STUN at startup.
+  use_external_ip: false
+  node_ip: "PUBLIC_IPV4_PLACEHOLDER"
   force_tcp: false
 
 # Optional TURN forwarding. Enable only if you already operate a TURN server.