feat: add nginx reverse proxy and Let's Encrypt TLS setup

- Add nginx config for SSL termination and HTTP->HTTPS redirect
- Add init-letsencrypt.sh script for automated certificate provisioning
- Update docker-compose.yml: add nginx service, expose web on internal port only
- Fix Evotor OAuth token exchange: move client credentials to form body
- Add request logging for token exchange errors
- Update BASE_URL to https://evosync.ru and set default in docker-compose
- Add refresh_token field to EvotorConnection model

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

docker-compose.yml

@@ -5,16 +5,21 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.web
-    ports:
-      - "8080:8000"
+    expose:
+      - "8000"
     environment:
       - DATABASE_URL=mysql+pymysql://${DB_USER}:${DB_PASSWORD}@172.25.0.1:3306/${DB_NAME}
       - SECRET_KEY=${SECRET_KEY:-change-me-in-production}
-      - BASE_URL=${BASE_URL:-http://localhost:8080}
+      - BASE_URL=${BASE_URL:-https://evosync.ru}
+      - EVOTOR_CLIENT_ID=${EVOTOR_CLIENT_ID}
+      - EVOTOR_CLIENT_SECRET=${EVOTOR_CLIENT_SECRET}
+      - VK_CLIENT_ID=${VK_CLIENT_ID}
+      - VK_CLIENT_SECRET=${VK_CLIENT_SECRET}
     volumes:
       - ./web:/app/web
       - ./alembic.ini:/app/alembic.ini
       - ./docker-entrypoint.sh:/app/docker-entrypoint.sh
+    restart: unless-stopped
 
   # sync:
   #   build: