Problem
The current deployment uses two mechanisms for non-secret config:
- git clone (init container): index.html, layers-input.json, system-prompt.md
- ConfigMaps: config.template.json, nginx.conf.template
This means operators must kubectl apply ConfigMaps and ensure the git repo is up to date before a rollout restart picks up changes. It's easy to forget one half, and the ConfigMap content is duplicated between the k8s manifest in git and the deployed cluster state.
Proposal
Move config.template.json and nginx.conf.template into the repo root alongside the other app files. The init container already clones the repo — it would just copy these two additional files. The envsubst step in the main container startup works the same regardless of whether the templates come from a ConfigMap volume or the cloned content volume.
This would:
- Make git the single source of truth for all non-secret configuration
- Reduce kubectl apply to just the Deployment/Service/Ingress (which change rarely)
- Simplify rollout to: git push → kubectl rollout restart
- Remove the "applied ConfigMap but forgot to restart" / "restarted but forgot to apply ConfigMap" failure modes
Secrets (PROXY_KEY) remain in k8s Secrets and are injected via env vars + envsubst — no change there.
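A sketch of the Deployment this proposal implies, added here as an example and not taken from the project's manifests. The resource names, images, repo URL, mount paths, output file locations and the MCP_URL variable are assumptions; it also passes envsubst an explicit variable list so nothing else in the templates is rewritten.

```yaml
# Added sketch, not the project's manifest. Names, images, the repo URL,
# paths and MCP_URL are placeholders/assumptions.
apiVersion: apps/v1
kind: Deployment
metadata: {name: app}
spec:
  selector: {matchLabels: {app: app}}
  template:
    metadata: {labels: {app: app}}
    spec:
      volumes:
        - {name: content, emptyDir: {}}   # refilled by the init container on every pod start
      initContainers:
        - name: fetch
          image: alpine/git               # assumption: any image that ships git and sh
          command: ["sh", "-c"]
          args:
            - |
              set -eu
              git clone --depth 1 "$REPO_URL" /tmp/src
              # App files plus the two templates that used to be ConfigMaps.
              cd /tmp/src
              cp index.html layers-input.json system-prompt.md \
                 config.template.json nginx.conf.template /content/
          env:
            - {name: REPO_URL, value: "https://git.example.invalid/org/app.git"}
          volumeMounts:
            - {name: content, mountPath: /content}
      containers:
        - name: web
          image: nginx                    # assumption: image provides nginx and envsubst
          command: ["sh", "-c"]
          args:
            - |
              set -eu
              # List the variables explicitly: a bare envsubst also blanks
              # nginx's own $host/$uri and any other $NAME in the templates.
              envsubst '${PROXY_KEY}' < /content/nginx.conf.template > /etc/nginx/nginx.conf
              envsubst '${MCP_URL}' < /content/config.template.json > /content/config.json
              exec nginx -g 'daemon off;'
          env:
            - name: PROXY_KEY
              valueFrom:
                secretKeyRef: {name: proxy-secrets, key: PROXY_KEY}   # hypothetical Secret name
            - {name: MCP_URL, value: "https://mcp.example.invalid"}   # hypothetical non-secret setting
          volumeMounts:
            - {name: content, mountPath: /content}
```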
Questions to resolve
- Should the templates live at repo root or in a config/ directory?
- Any reason to keep ConfigMaps for environment-specific overrides (e.g., different MCP URLs per deployment)?