Move explorer AI key loading to secure secrets

scripts/deploy-explorer-ai-to-vmid5000.sh

@@ -11,6 +11,14 @@ TMP_DIR="$(mktemp -d)"
 JWT_SECRET_VALUE="${JWT_SECRET_VALUE:-}"
 EXPLORER_AI_MODEL_VALUE="${EXPLORER_AI_MODEL_VALUE:-grok-3}"
 EXPLORER_DATABASE_URL_VALUE="${EXPLORER_DATABASE_URL_VALUE:-}"
+SECURE_AI_ENV_FILE="${SECURE_AI_ENV_FILE:-$HOME/.secure-secrets/explorer-ai.env}"
+
+if [ -f "$SECURE_AI_ENV_FILE" ]; then
+    set -a
+    # Source the local secrets file so deploys do not depend on repo-stored API keys.
+    source "$SECURE_AI_ENV_FILE"
+    set +a
+fi
 
 cleanup() {
     rm -rf "$TMP_DIR"