chore(compose): add hardened docker-compose.yml and .env.example

[xxcode2]

Summary

• Added a new docker-compose.yml with safer defaults:

  • Run as non-root user
  • Restricted HTTP hosts (configurable via env)
  • Read-only filesystem, tmpfs /tmp, no-new-privileges
  • Mount ./config and ./data for persistence

• Included .env.example for easier configuration and onboarding.

• Added .gitignore to exclude local data, env, and OS cruft.

• Added LICENSE.md (Apache-2.0 by default).

• Added CONTRIBUTING.md with basic contribution flow and checklist.

Why

This improves developer experience and operator safety:

• Simplifies local setup with a ready .env template
• Reduces risk of accidental public RPC exposure
• Makes it clear how to configure TRACK_SUBNETS, KITE_CHAIN_ID, and IP resolution.

Improves project hygiene and onboarding:

• Clear license terms
• Clear contributing guidelines
• Cleaner repo without local/OS artifacts

Notes

• Existing values (TRACK_SUBNETS, ifconfigme, KITE_CHAIN_ID) are preserved.
• Healthcheck is left commented to avoid assuming curl/wget in the image.
• Defaults restrict RPC access; users must explicitly set ALLOWED_HOSTS if exposing publicly.
• License is Apache-2.0 as a proposal; happy to adjust/remove if project has an internal preference.