Document public reverse proxy deployment

- Add README instructions for deploying the full report system through local Docker port 4002, frpc, Nginx Proxy Manager, and sstwbg.example.com.

- Document required HTTPS, WebSocket, request-size, timeout, health-check, login, AI, video-frame, and speech verification steps.

- Add TRUST_PROXY support so secure session cookies work behind public HTTPS reverse proxies.

- Preserve upstream X-Forwarded-Proto through the container Nginx API proxy.

- Allow Docker Compose session and trust-proxy variables to be overridden for public deployments.

- Update deployment and Docker docs with the same public reverse-proxy guidance.

server/src/main.ts

@@ -15,6 +15,16 @@ const bootstrap = async () => {
   const app = await NestFactory.create(AppModule, { bodyParser: false });
   const port = Number(process.env.API_PORT ?? 3100);
   const bodyLimit = process.env.API_BODY_LIMIT ?? '100mb';
+  const trustProxy = process.env.TRUST_PROXY;
+
+  if (trustProxy && trustProxy !== 'false') {
+    // # XXX Public reverse-proxy deployments need Express to trust X-Forwarded-* headers.
+    const numericTrustProxy = Number(trustProxy);
+    app
+      .getHttpAdapter()
+      .getInstance()
+      .set('trust proxy', trustProxy === 'true' ? 1 : Number.isNaN(numericTrustProxy) ? trustProxy : numericTrustProxy);
+  }
 
   app.setGlobalPrefix('api');
   app.use(json({ limit: bodyLimit }));