feat: Make OAuth configuration environment-aware via NEXT_PUBLIC_APP_URL

- Convert client-metadata.json to dynamic API route reading from env vars
- Remove BLUESKY_CLIENT_ID and BLUESKY_REDIRECT_URI env vars
- All OAuth URLs now derived from NEXT_PUBLIC_APP_URL
- Implement production OAuth client (removes TODO/placeholder)
- Update .prod.env with production settings for www.ponderants.com
- Use https:// for production URLs
- Simplify environment configuration (single source of truth)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

public/client-metadata.json

@@ -1,20 +0,0 @@
-{
-  "client_id": "https://www.ponderants.com/client-metadata.json",
-  "client_name": "Ponderants",
-  "client_uri": "https://www.ponderants.com",
-  "logo_uri": "https://www.ponderants.com/logo.svg",
-  "redirect_uris": [
-    "https://www.ponderants.com/api/auth/callback"
-  ],
-  "scope": "atproto transition:generic",
-  "grant_types": [
-    "authorization_code",
-    "refresh_token"
-  ],
-  "response_types": [
-    "code"
-  ],
-  "token_endpoint_auth_method": "none",
-  "application_type": "web",
-  "dpop_bound_access_tokens": true
-}