fix(infra): wire AWS_S3_ENABLED + TRACK_STORAGE_BACKEND in prod/staging compose

The prod and staging compose files were passing AWS_S3_ENDPOINT,
AWS_S3_BUCKET, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY but NOT
the two flags that actually activate the routing:
  - AWS_S3_ENABLED      (default false in code → S3 stack skipped)
  - TRACK_STORAGE_BACKEND  (default "local" in code → uploads to disk)

So both prod and staging deploys were silently writing track uploads
to local disk despite the apparent S3 wiring. With blue/green
active/active behind HAProxy, that's an HA bug — uploads on the blue
pod aren't visible to green and vice-versa.

Set both flags in:
  - docker-compose.staging.yml backend service (1 instance)
  - docker-compose.prod.yml backend_blue + backend_green (2 instances,
    same env block via replace_all)

The code already validates on startup that TRACK_STORAGE_BACKEND=s3
requires AWS_S3_ENABLED=true (config.go:1040-1042) so a partial
config now fails-loud instead of falling back to local.

The S3StorageService is already implemented (services/s3_storage_service.go)
and wired into TrackService.UploadTrack via the storageBackend dispatcher
(core/track/service.go:432). HLS segment output remains on the
hls_*_data volume — that's a separate concern (stream server local
write), out of scope for this compose-only fix.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker-compose.prod.yml

@@ -181,6 +181,13 @@ services:
       - AWS_ACCESS_KEY_ID=${S3_ACCESS_KEY:?S3_ACCESS_KEY must be set}
       - AWS_SECRET_ACCESS_KEY=${S3_SECRET_KEY:?S3_SECRET_KEY must be set}
       - AWS_REGION=${AWS_REGION:-us-east-1}
+      # v1.0.10 polish: enable the S3 stack and route track uploads through
+      # MinIO end-to-end. Without these two flags, defaults (local +
+      # disabled) win and the AWS_S3_* credentials above are inert. With
+      # blue/green active/active behind HAProxy, local-disk uploads on
+      # one pod are invisible to the other — S3 is required for HA.
+      - AWS_S3_ENABLED=true
+      - TRACK_STORAGE_BACKEND=s3
       - HLS_STREAMING=true
       - HLS_STORAGE_DIR=/data/hls
     volumes:
@@ -236,6 +243,13 @@ services:
       - AWS_ACCESS_KEY_ID=${S3_ACCESS_KEY:?S3_ACCESS_KEY must be set}
       - AWS_SECRET_ACCESS_KEY=${S3_SECRET_KEY:?S3_SECRET_KEY must be set}
       - AWS_REGION=${AWS_REGION:-us-east-1}
+      # v1.0.10 polish: enable the S3 stack and route track uploads through
+      # MinIO end-to-end. Without these two flags, defaults (local +
+      # disabled) win and the AWS_S3_* credentials above are inert. With
+      # blue/green active/active behind HAProxy, local-disk uploads on
+      # one pod are invisible to the other — S3 is required for HA.
+      - AWS_S3_ENABLED=true
+      - TRACK_STORAGE_BACKEND=s3
       - HLS_STREAMING=true
       - HLS_STORAGE_DIR=/data/hls
     volumes:

docker-compose.staging.yml

@@ -77,6 +77,11 @@ services:
       - AWS_ACCESS_KEY_ID=${STAGING_S3_ACCESS_KEY:?STAGING_S3_ACCESS_KEY must be set}
       - AWS_SECRET_ACCESS_KEY=${STAGING_S3_SECRET_KEY:?STAGING_S3_SECRET_KEY must be set}
       - AWS_REGION=us-east-1
+      # v1.0.10 polish: enable the S3 stack and route track uploads through
+      # MinIO end-to-end. Without these two flags, defaults (local +
+      # disabled) win and the AWS_S3_* credentials above are inert.
+      - AWS_S3_ENABLED=true
+      - TRACK_STORAGE_BACKEND=s3
       - HLS_STREAMING=true
       - HLS_STORAGE_DIR=/data/hls
     volumes: