fix(deploy): escape shell variables in docker-compose YAML

Shell variables like $SECRETS_DIR in docker-compose command blocks
must be escaped as $$SECRETS_DIR. Without escaping, docker-compose
interprets them as environment variable interpolation and expands
them to empty strings, causing:
- mkdir: cannot create directory ''
- Secrets copied to wrong path (/redis_password instead of /var/www/html/storage/secrets/redis_password)
- PHP TypeError: RedisConfig::__construct() argument #3 must be string, null given

The fix applies $$ escaping to all shell variables in the PHP
service entrypoint script.

docker-compose.staging.yml

@@ -72,39 +72,40 @@ services:
         # Copy Docker Secrets to readable location for www-data
         # Docker Secrets are only readable by root, but PHP (www-data) needs to read them.
         # We copy them here as root to a location where www-data can read them.
+        # Note: Use $$ to escape shell variables in docker-compose YAML
         echo "🔐 Setting up Docker Secrets for PHP access..."
         SECRETS_DIR="/var/www/html/storage/secrets"
         # Ensure we're in the right directory
         cd /var/www/html || exit 1
         # Create secrets directory if it doesn't exist
-        mkdir -p "$SECRETS_DIR"
-        chmod 750 "$SECRETS_DIR"
-        chown www-data:www-data "$SECRETS_DIR"
+        mkdir -p "$$SECRETS_DIR"
+        chmod 750 "$$SECRETS_DIR"
+        chown www-data:www-data "$$SECRETS_DIR"
 
         if [ -f /run/secrets/redis_password ]; then
-          cp /run/secrets/redis_password "$SECRETS_DIR/redis_password" 2>/dev/null || true
-          chmod 640 "$SECRETS_DIR/redis_password"
-          chown www-data:www-data "$SECRETS_DIR/redis_password"
-          export REDIS_PASSWORD_FILE="$SECRETS_DIR/redis_password"
-          echo "✅ Copied redis_password to $SECRETS_DIR/redis_password"
+          cp /run/secrets/redis_password "$$SECRETS_DIR/redis_password" 2>/dev/null || true
+          chmod 640 "$$SECRETS_DIR/redis_password"
+          chown www-data:www-data "$$SECRETS_DIR/redis_password"
+          export REDIS_PASSWORD_FILE="$$SECRETS_DIR/redis_password"
+          echo "✅ Copied redis_password to $$SECRETS_DIR/redis_password"
         else
           echo "⚠️  Warning: /run/secrets/redis_password not found"
         fi
 
         if [ -f /run/secrets/db_user_password ]; then
-          cp /run/secrets/db_user_password "$SECRETS_DIR/db_user_password" 2>/dev/null || true
-          chmod 640 "$SECRETS_DIR/db_user_password"
-          chown www-data:www-data "$SECRETS_DIR/db_user_password"
-          export DB_PASSWORD_FILE="$SECRETS_DIR/db_user_password"
-          echo "✅ Copied db_user_password to $SECRETS_DIR/db_user_password"
+          cp /run/secrets/db_user_password "$$SECRETS_DIR/db_user_password" 2>/dev/null || true
+          chmod 640 "$$SECRETS_DIR/db_user_password"
+          chown www-data:www-data "$$SECRETS_DIR/db_user_password"
+          export DB_PASSWORD_FILE="$$SECRETS_DIR/db_user_password"
+          echo "✅ Copied db_user_password to $$SECRETS_DIR/db_user_password"
         fi
 
         if [ -f /run/secrets/app_key ]; then
-          cp /run/secrets/app_key "$SECRETS_DIR/app_key" 2>/dev/null || true
-          chmod 640 "$SECRETS_DIR/app_key"
-          chown www-data:www-data "$SECRETS_DIR/app_key"
-          export APP_KEY_FILE="$SECRETS_DIR/app_key"
-          echo "✅ Copied app_key to $SECRETS_DIR/app_key"
+          cp /run/secrets/app_key "$$SECRETS_DIR/app_key" 2>/dev/null || true
+          chmod 640 "$$SECRETS_DIR/app_key"
+          chown www-data:www-data "$$SECRETS_DIR/app_key"
+          export APP_KEY_FILE="$$SECRETS_DIR/app_key"
+          echo "✅ Copied app_key to $$SECRETS_DIR/app_key"
         fi