- write_config(): Replace CHANGEME placeholder on upgrade instead of
skipping entirely; preserve existing real passwords unchanged
- setup_database(): When DB user already exists, recover password from
existing config and sync to PostgreSQL, or generate a fresh password;
fixes crash-loop when config password diverges from PostgreSQL
- generate_jwt_keys(): Regenerate missing verify.pem from existing
signing.pem instead of silently skipping
- Password extraction uses @localhost anchor to correctly handle
passwords containing @ characters
3760e98d6e