feat: API Keys via Umgebungsvariablen konfigurierbar

- Neuer getApiKey() Helper: prüft zuerst ENV-Vars, dann DB
- Alle Job-Routes nutzen getApiKey() statt direktem DB-Lookup
- Credentials-Status berücksichtigt ENV-Vars (Sidebar-Haken)
- .env.local.example: Platzhalter für alle 4 API Keys

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/api/credentials/test/route.ts

@@ -1,17 +1,13 @@
 import { NextRequest, NextResponse } from "next/server";
-import { prisma } from "@/lib/db";
-import { decrypt } from "@/lib/utils/encryption";
+import { getApiKey } from "@/lib/utils/apiKey";
 import axios from "axios";
 
 export async function GET(req: NextRequest) {
   const service = req.nextUrl.searchParams.get("service");
   if (!service) return NextResponse.json({ ok: false, error: "Missing service" }, { status: 400 });
 
-  const cred = await prisma.apiCredential.findUnique({ where: { service } });
-  if (!cred?.value) return NextResponse.json({ ok: false, error: "Not configured" });
-
-  const key = decrypt(cred.value);
-  if (!key) return NextResponse.json({ ok: false, error: "Empty key" });
+  const key = await getApiKey(service);
+  if (!key) return NextResponse.json({ ok: false, error: "Not configured" });
 
   try {
     switch (service) {