Add HTTPS demo entry for microphone access

- Add a self-signed HTTPS Nginx entrypoint on Docker port 4443 so browser microphone APIs can run in demo mode.

- Keep the existing HTTP port 4002 unchanged while exposing container port 443 and generating the demo certificate during image build.

- Update CORS defaults and Compose environment for the HTTPS frontend origin.

- Clarify the report editor microphone message with localhost, HTTPS, and browser trusted-origin demo options.

- Document the browser HTTP microphone limitation, HTTPS demo URL, and Chrome/Edge insecure-origin workaround in README and docs.

docker-compose.yaml

@@ -21,7 +21,7 @@ services:
     environment:
       API_PORT: 3100
       API_BODY_LIMIT: 100mb
-      CORS_ORIGIN: http://localhost:4002,http://localhost:3001
+      CORS_ORIGIN: http://localhost:4002,https://localhost:4443,http://localhost:3001
       DATABASE_URL: postgresql://surclaw:surclaw_dev_password@db:5432/surclaw?schema=public
       SESSION_SECRET: change-me-in-production
       SESSION_COOKIE_SECURE: "false"
@@ -41,6 +41,7 @@ services:
     restart: unless-stopped
     ports:
       - "4002:80"
+      - "4443:443"
     depends_on:
       - api