feat(api): add API key authentication to backend endpoints

Add API key security using fastapi.security.APIKeyHeader to protect /v1/completions and /v1/ocr endpoints. Updated frontend to include X-API-Key header in API requests. Also changed default API base URL from http://149.104.29.239:8001 to https://api.learnteach.tech:8002.

src/components/MilkdownEditor.vue

@@ -233,7 +233,10 @@ const performOCR = async (file, cacheKey, imageHash = '') => {
     try {
       const res = await fetch(OCR_URL, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: { 
+            'Content-Type': 'application/json',
+            'X-API-Key': 'your-secret-key-here'
+        },
         body: JSON.stringify({ 
           image: base64, 
           filename: file.name,