Modernize README: drop EOL Ubuntu reference, remove sudo, document env vars

[CryptoJones]

Problem

The README's setup section has several outdated or insecure choices:

• References Ubuntu 20.04 LTS — end-of-life April 2025.
• Uses sudo npm install — installs as root and creates broken ownership in node_modules. Standard practice is project-local install without sudo.
• Uses sudo node server.js — only required because of the hardcoded port 80 (separate issue). Should not be the documented invocation.
• Pastes a literal DB password (Password1) into the setup instructions. Even as an example, this is widely copy-pasted into real deployments.

Scope

• Bump LTS references to a currently-supported Ubuntu (24.04 LTS as of 2026). Note that any recent Linux distro with Node 18+ and Postgres 14+ should work.
• Remove all sudo from npm steps.
• Replace sudo node server.js with npm start and add an npm start script to package.json.
• Move DB credentials to .env referenced from a new Environment Variables section.
• Provide a .env.example with safe placeholder values (changeme, not Password1).
• Add a brief Security note: do not run the API as root in production; front with nginx / Caddy for TLS.

Acceptance criteria

• No sudo anywhere in the recommended quickstart.
• No literal credentials in the README.
• Setup steps work on Ubuntu 24.04 + Node 20.
• Environment Variables section documents PORT, CORS_ORIGIN, DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD.
• .env.example ships with safe placeholder values.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/1654/