Refine reusable compose deployment template

- Make the default Docker Compose CORS_ORIGIN configurable so public and NAS deployments can override allowed origins without editing the compose file.

- Update the default frpc profile command to call frpc explicitly, matching the snowdreamtech/frpc entrypoint behavior observed in the deployed copy.

- Apply the same explicit frpc command to the NAS compose template.

- Keep real frpc server address and token from the deployed copy out of the reusable template.

docker-compose-Nas.yaml

@@ -105,7 +105,7 @@ services:
     container_name: tuwen_frpc
     restart: unless-stopped
     network_mode: host
-    command: ["-c", "/etc/frp/frpc.toml"]
+    command: ["frpc", "-c", "/etc/frp/frpc.toml"]
     volumes:
       - ./frpc/frpc.toml:/etc/frp/frpc.toml:ro
     depends_on:

docker-compose.yaml

@@ -26,7 +26,7 @@ services:
     environment:
       API_PORT: 3100
       API_BODY_LIMIT: 100mb
-      CORS_ORIGIN: http://localhost:4002,https://localhost:4443,http://localhost:3001
+      CORS_ORIGIN: ${CORS_ORIGIN:-http://localhost:4002,https://localhost:4443,http://localhost:3001}
       DATABASE_URL: postgresql://surclaw:surclaw_dev_password@db:5432/surclaw?schema=public
       # XXX Public HTTPS reverse-proxy deployments can override these from the shell or .env.
       SESSION_SECRET: ${SESSION_SECRET:-change-me-in-production}
@@ -73,7 +73,7 @@ services:
     container_name: tuwen_frpc
     restart: unless-stopped
     network_mode: host
-    command: ["-c", "/etc/frp/frpc.toml"]
+    command: ["frpc", "-c", "/etc/frp/frpc.toml"]
     volumes:
       - ./frpc/frpc.toml:/etc/frp/frpc.toml:ro
     depends_on: