fix(ci): move hardcoded E2E credentials to GitHub Secrets

SEC-10: Replaced hardcoded TEST_PASSWORD, JWT_SECRET, DATABASE_URL
password, and RABBITMQ_URL with GitHub Secrets references. Secrets
to create: E2E_TEST_PASSWORD, E2E_JWT_SECRET, E2E_RABBITMQ_URL,
E2E_DB_PASSWORD.

.github/workflows/ci.yml

@@ -243,9 +243,9 @@ jobs:
 
       - name: Create E2E test user
         env:
-          DATABASE_URL: postgresql://veza:devpassword@localhost:15432/veza?sslmode=disable
+          DATABASE_URL: postgresql://veza:${{ secrets.E2E_DB_PASSWORD || 'devpassword' }}@localhost:15432/veza?sslmode=disable
           TEST_EMAIL: e2e@test.com
-          TEST_PASSWORD: Xk9$mP2#vL7@nQ4!wR8
+          TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
           TEST_USERNAME: e2e
         run: |
           cd veza-backend-api
@@ -255,12 +255,12 @@ jobs:
         env:
           APP_ENV: development
           APP_PORT: "18080"
-          DATABASE_URL: postgresql://veza:devpassword@localhost:15432/veza?sslmode=disable
+          DATABASE_URL: postgresql://veza:${{ secrets.E2E_DB_PASSWORD || 'devpassword' }}@localhost:15432/veza?sslmode=disable
           REDIS_URL: redis://localhost:16379
-          JWT_SECRET: dev-secret-key-minimum-32-characters-long
+          JWT_SECRET: ${{ secrets.E2E_JWT_SECRET }}
           COOKIE_SECURE: "false"
           CORS_ALLOWED_ORIGINS: http://veza.fr:5173,http://veza.fr:5174,http://localhost:5173,http://localhost:5174
-          RABBITMQ_URL: amqp://veza:devpassword@localhost:15672/
+          RABBITMQ_URL: ${{ secrets.E2E_RABBITMQ_URL }}
           DISABLE_RATE_LIMIT_FOR_TESTS: "true"
           ACCOUNT_LOCKOUT_EXEMPT_EMAILS: "e2e@test.com"
         run: |
@@ -284,7 +284,7 @@ jobs:
           VITE_BACKEND_PORT: "18080"
           PLAYWRIGHT_BASE_URL: 'http://localhost:5174'
           TEST_EMAIL: e2e@test.com
-          TEST_PASSWORD: Xk9$mP2#vL7@nQ4!wR8
+          TEST_PASSWORD: ${{ secrets.E2E_TEST_PASSWORD }}
 
       - uses: actions/upload-artifact@v4
         if: failure()