fix(security): apply security hardening recommendations from audit

This commit implements several security enhancements based on the findings of a new security audit report, which has also been added to the documentation.

- **Security Headers:** Adds a strict Content-Security-Policy (CSP) and other security headers (X-Content-Type-Options, Referrer-Policy) via Nuxt route rules.
- **Production Hardening:** Disables Nuxt DevTools in production environments to reduce the attack surface.
- **Mixed Content:** All image assets are now loaded over HTTPS to resolve mixed content issues.
- **Tabnabbing:** Secures `window.open` calls by adding `noopener,noreferrer`.
- **Configuration:** Updates `.gitignore` to ignore all `.env.*` files.
- **Docs:** Adds the full security audit report for reference.
- **Build:** Corrects a case-sensitive import path to ensure cross-platform build compatibility.

content.config.ts

@@ -1,5 +1,5 @@
 import { defineContentConfig, defineCollection, z } from "@nuxt/content";
-import { PricingPlanPropsSchema } from "./app/schemas/PricingPlanSchema";
+import { PricingPlanPropsSchema } from "./app/schemas/pricingPlanSchema";
 
 const defineIndexSchema = () =>
   z.object({