fix: disable APP_DEBUG in production, fix .htaccess structure, add .gitignore cleanup

- Set APP_DEBUG=false in .env to prevent stack trace leakage
- Use strict comparison (===) for MD5 password migration check
- Fix duplicate rewrite rules and orphaned closing tag in .htaccess
- Remove leftover test files (cookies.txt, ci_test.txt, test-registration.php)
- Remove duplicate package-lock.json (using yarn only)
- Update .gitignore for above files

public/.htaccess

@@ -44,20 +44,3 @@
 <IfModule mod_deflate.c>
     AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml
 </IfModule>
-
-    RewriteEngine On
-
-    # Handle Authorization Header
-    RewriteCond %{HTTP:Authorization} .
-    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-    # Redirect Trailing Slashes If Not A Folder...
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteCond %{REQUEST_URI} (.+)/$
-    RewriteRule ^ %1 [L,R=301]
-
-    # Send Requests To Front Controller...
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteRule ^ index.php [L]
-</IfModule>