fix(auth): switch to K8s Redis, add claude.ai/chatgpt CORS origins

- REDIS_URL → K8s ClusterIP with auth (fixes silent hang on host Redis)
- Socket timeouts (connectTimeout 3s, socketTimeout 5s) on Redis client
- Add claude.ai, chatgpt.com, chat.openai.com to CORS allowlist
- Update hermes-mcp image SHA (includes above changes)
- Add squaremcp-broker-demo.mp4 to site Dockerfile; bump site image SHA

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

hermes-k8s.yaml

@@ -22,7 +22,7 @@ spec:
         fsGroup: 1000
       containers:
         - name: hermes-mcp
-          image: localhost:32000/hermes-mcp@sha256:b566707150fb4dd3f566b5c258d6f4d0ed8bf5c4405321268dfc647afa0ddda2
+          image: localhost:32000/hermes-mcp@sha256:b3716e0d7a86ba3b34047b75cd8af91078aaf9a1dcd64760bd238f358fb79e3f
           imagePullPolicy: Always
           securityContext:
             allowPrivilegeEscalation: false
@@ -116,7 +116,7 @@ spec:
             - name: MYSQL_PASSWORD
               value: "fetcherpay"
             - name: REDIS_URL
-              value: "redis://127.0.0.1:6379"
+              value: "redis://:redis_secure_2024@10.152.183.80:6379"
             - name: CREDENTIAL_ENCRYPTION_KEY
               value: "4ef9c48e9f4e5dfa843d4bfcc3a8f69c5ad5738326c8b0e878076853ae4b8416"
             - name: JWT_SECRET