Fix: Add missing SECRET_KEY and ALTCHA_HMAC_KEY to docker.env

[paarthbhatt]

Using the docker compose setup fails locally because SECRET_KEY and ALTCHA_HMAC_KEY are missing from docker.env.
This PR adds default values ("secret") to docker.env to ensure the local docker environment starts correctly out of the box.

Note: Line ending fixes are being handled in separate PR #2114.

[Copilot]

Pull request overview

This PR addresses a critical issue where the Docker Compose setup fails locally due to missing required environment variables SECRET_KEY and ALTCHA_HMAC_KEY in the docker.env file. The PR adds these variables with default values of "secret" to enable the Docker environment to start successfully out of the box.

Changes:

• Added SECRET_KEY=secret to docker.env
• Added ALTCHA_HMAC_KEY=secret to docker.env

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The docker.env file now contains security-sensitive default values (SECRET_KEY and ALTCHA_HMAC_KEY) but lacks a warning comment about not using these values in production. The SECRET_KEY is critical for Django's cryptographic signing and session management. Consider adding a comment at the top of the file warning users to generate proper secret keys for production use, similar to the SECURITY WARNING comments in vulnerablecode/settings.py. This would help prevent accidental use of weak default values in production environments.

[keshav-space]

@paarthbhatt did you even put in the basic effort to go through our README? There are clear instructions on how to run VulnerableCode in docker see https://github.com/aboutcode-org/vulnerablecode?tab=readme-ov-file#run-with-docker. You are supposed to run make envfile before running the docker commands, which takes care of these secret keys. Please do not waste the time of maintainers with sloppy PR.