API key management + /api/v1 REST endpoints

You can now generate and revoke API keys directly from your dashboard (Settings → API Keys). Each key has a read-only prefix so you can tell them apart in logs without exposing the secret.

The keys authenticate against a new /api/v1 REST layer:

• GET /api/v1/bots — list your bots
• POST /api/v1/bots/:id/chat — send a message and get a streaming response
• GET /api/v1/bots/:id/conversations — paginated conversation history

Full OpenAPI spec is at /docs/api. Rate limits apply per-key at the same tier as your plan.

Commit: a67f8cd