docs: drop '.gitignore missing' caution from demo pages (mzdc-cbz)

Companion to me-tau, which adds a .gitignore to vativ/mezo-hack.
Once that lands, the 'caution: the repo ships no .gitignore, create
one before any git add' block I added back in mzdc-4mv is actively
wrong — the reader IS protected by the repo's own .gitignore.

Replaced the caution Aside in each demo page's Step 2 (.env
configuration) with a single reassurance sentence:

  The repo's .gitignore already excludes .env, so the secrets you
  pasted above won't accidentally land in a commit.

Similarly compressed the Security section bullet on each page that
previously told the reader to run 'echo ".env" > .gitignore' — it
now reads:

  .env stays out of git. The repo's .gitignore excludes .env by
  default. If you copy the file elsewhere or into another repo,
  re-confirm it's ignored before any git add.

The 'copy elsewhere' reminder survives because it's real (git
hygiene outside the demo repo). The stale 'repo has no .gitignore'
framing is gone.

Files touched:
- agentic-joke-buyer.mdx (Step 2 Aside + Security bullet)
- trove-advisor.mdx (Step 2 Aside + Security bullet)
- trove-mandate.mdx (Step 2 Aside only; Security section didn't
  carry a matching bullet)

Branch: docs/drop-gitignore-caution, based on docs/x402-env-var-dx-
demos tip per the bead brief. Fork-only, chained on top of the
env-var DX pass.

Verification: grep for 'Create a .gitignore', 'no .gitignore',
'repo does not ship a .gitignore', and 'echo ".env" > .gitignore'
across the three demo pages — all zero hits post-edit. The 5
remaining .gitignore mentions are the new reassurance phrasing.

NOTE on timing: this doc change assumes me-tau has merged the
.gitignore into vativ/mezo-hack on all the relevant branches (main,
feat/agentic-2-trove-advisor, feat/agentic-3-trove-mandate). If
those haven't all merged yet, readers of an unmerged branch will
still see 'no .gitignore' and our new prose will be premature. Flag
in the completion nudge.

Author: ryanRfox

src/content/docs/docs/developers/getting-started/musd-payments-x402/agentic-joke-buyer.mdx

@@ -110,19 +110,8 @@ Every other value (`NETWORK`, `RPC_URL`, `EXPLORER_URL`,
 pre-filled for Mezo Testnet in `.env.example` — Step 3 pulls those
 straight from the environment.
 
-<Aside type="caution" title="The repo does not ship a .gitignore">
-`vativ/mezo-hack` currently has **no** `.gitignore` at any level.
-If you plan to commit anything from your clone, create one first so
-your `.env` (and therefore your private key) cannot slip into a
-commit:
-
-```bash
-echo ".env" > .gitignore
-```
-
-Private-key leakage via a committed `.env` is how test wallets
-drain. Do this before your next `git add`.
-</Aside>
+The repo ships a `.gitignore` that already excludes `.env`, so the
+private key you paste above won't accidentally land in a commit.
 
 ## Step 3: One-time Permit2 approval
 
@@ -267,10 +256,9 @@ Everything else is inside the library.
   holds only borrowed MUSD and faucet BTC is fine for this demo.
   Anything else goes in a hardware signer or MPC wallet. Rotate the
   testnet key after the demo if you shared the repo anywhere.
-- **Add `.env` to `.gitignore` before any commit.** The cloned
-  `vativ/mezo-hack` repo does not ship a `.gitignore`; if you plan
-  to commit anything from your clone, run
-  `echo ".env" > .gitignore` first (see the caution in Step 2).
+- **`.env` stays out of git.** The repo's `.gitignore` excludes
+  `.env` by default. If you copy the file elsewhere or into another
+  repo, re-confirm it's ignored before any `git add`.
 - The `toClientEvmSigner` interface is swappable — production agentic
   flows replace it with a signer backed by a KMS, HSM, or threshold
   wallet. The rest of the pipeline (`wrapFetchWithPayment`, the x402

src/content/docs/docs/developers/getting-started/musd-payments-x402/trove-advisor.mdx

@@ -1,10 +1,9 @@
 ---
-title: Demo 2 — Trove advisor (multi-merchant, dynamic pricing)
+title: 'Demo 2 — Trove advisor (multi-merchant, dynamic pricing)'
 description: >-
-  A Claude tool-use agent that pays three Mezo-native data services
-  over x402 to stress-test a Mezo trove — one on-chain MUSD settlement
-  per tool call, three distinct merchant addresses, per-request
-  dynamic pricing.
+  A Claude tool-use agent that pays three Mezo-native data services over x402 to
+  stress-test a Mezo trove — one on-chain MUSD settlement per tool call, three
+  distinct merchant addresses, per-request dynamic pricing.
 topic: developers
 ---
 
@@ -136,14 +135,8 @@ addresses — no one controls their keys. That's fine: receivers don't
 need keys to accept permit2 transfers. Override them in your `.env`
 if you want payments to land in wallets you control.
 
-<Aside type="caution" title="The repo does not ship a .gitignore">
-`vativ/mezo-hack` currently has no `.gitignore` at any level. Create
-one before any `git add` to protect your `.env`:
-
-```bash
-echo ".env" > .gitignore
-```
-</Aside>
+The repo's `.gitignore` already excludes `.env`, so the secrets you
+pasted above won't accidentally land in a commit.
 
 ## Step 3: Start the server (Terminal 1)
 
@@ -314,8 +307,9 @@ directly to its operator's wallet; the host just runs the routing.
   the same either way.
 - **Anthropic API key.** Treat it like any paid API credential. If
   your `.env` is on a shared machine, rotate it after the demo.
-- **`.gitignore` first.** Create `.gitignore` with at minimum a
-  `.env` entry before any `git add`; see the caution in Step 2.
+- **`.env` stays out of git.** The repo's `.gitignore` excludes
+  `.env` by default. If you copy the file elsewhere or into another
+  repo, re-confirm it's ignored before any `git add`.
 
 ## See also
 

src/content/docs/docs/developers/getting-started/musd-payments-x402/trove-mandate.mdx

@@ -1,11 +1,10 @@
 ---
 title: Demo 3 — Trove mandate (spend-policy layer)
 description: >-
-  Demo 2's multi-merchant agent with guardrails. An
-  onBeforePaymentCreation hook runs every outbound x402 payment
-  through a plain-JS spend policy — merchant allowlist, per-call and
-  per-merchant caps, session total, rate limit — before any MUSD
-  moves on chain.
+  Demo 2's multi-merchant agent with guardrails. An onBeforePaymentCreation hook
+  runs every outbound x402 payment through a plain-JS spend policy — merchant
+  allowlist, per-call and per-merchant caps, session total, rate limit — before
+  any MUSD moves on chain.
 topic: developers
 ---
 
@@ -174,17 +173,8 @@ Everything else in `.env.example` is pre-filled for Mezo Testnet —
 the RPC, MUSD contract, facilitator, and the same three merchant
 addresses as Demo 2 (`ORACLE_PAYTO`, `RISK_PAYTO`, `HUNTER_PAYTO`).
 
-<Aside type="caution" title="Create a .gitignore before any commit">
-`vativ/mezo-hack` has no root `.gitignore`. The Demo 3 app ships its
-own `.gitignore`, but if you plan to commit anything at the repo
-level, confirm `.env` is covered:
-
-```bash
-cat apps/trove-advisor-mandate/.gitignore   # verify .env is listed
-# or, at the repo root:
-echo ".env" > .gitignore
-```
-</Aside>
+The repo's `.gitignore` already excludes `.env`, so the secrets you
+pasted above won't accidentally land in a commit.
 
 ## Step 3: Start the server (Terminal 1)