CRITICAL SECURITY: Disable debug output in production

- Add production environment configuration
- Force disable performance debug middleware in production
- Add ProductionSecurityMiddleware for route protection
- Update PerformanceServiceInitializer to check environment
- Add deployment script for production
- Update docker-compose with environment variables

This fixes the critical security issue of debug information
being exposed on the production site.

docker-compose.yml

@@ -60,6 +60,7 @@ services:
     environment:
       PHP_IDE_CONFIG: "serverName=docker"
       APP_ENV: ${APP_ENV:-development}
+      APP_DEBUG: ${APP_DEBUG:-true}
     healthcheck:
       test: [ "CMD", "php", "-v" ]
       interval: 30s