feat: Support env-file for secrets injection

[initcron]

Summary

Support loading environment variables from .env files for secrets injection into MCP servers.

Parent Epic

Part of #1 - Production Kubernetes & Container Support

Motivation

Currently, secrets must be passed via environment variables in the shell or hardcoded in catalog.yaml. Supporting .env files provides:

• Separation of secrets from configuration
• Easier local development
• Compatibility with existing workflows
• Better security (can be gitignored)

Proposed Syntax

Catalog Entry

servers:
  - id: github-mcp
    runtime:
      type: local-process
      command: github-mcp
    env_file: .env.github
    env:
      # Additional env vars (can reference env_file vars)
      LOG_LEVEL: debug

Multiple Files

servers:
  - id: multi-secret-server
    env_files:
      - .env.common
      - .env.database
      - .env.api-keys
    env:
      OVERRIDE: value

Implementation Details

Load Order

1. Parent process environment
2. env_file(s) in order specified
3. Explicit env map
4. Later values override earlier ones

File Format

Standard .env format:

# Comments supported
DATABASE_URL=postgresql://localhost/db
API_KEY="quoted values work"
MULTILINE="line1\nline2"

Security Considerations

• Files must be readable by gateway process
• Warn if file has loose permissions (not 0600)
• Support ${VAR} interpolation within env files

Acceptance Criteria

• env_file key loads .env format files
• env_files key supports multiple files
• Variables are injected into server process
• Works with local-process runtime
• Works with docker runtime
• Warning logged for insecure file permissions
• Error if file not found (unless marked optional)

References

• dotenv crate
• dotenvy crate (maintained fork)