fix: add BOOTSTRAP_TOKEN to standalone server env

The cameleer3-server requires CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN
at startup. In standalone mode nothing uses it externally, but the
server's SecurityBeanConfig validates it exists. Generate a random
token in the .env and pass it through.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

installer/install.sh

@@ -642,6 +642,9 @@ CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD}
 SERVER_ADMIN_USER=${ADMIN_USER}
 SERVER_ADMIN_PASS=${ADMIN_PASS}
 
+# Bootstrap token (required by server, not used externally in standalone mode)
+BOOTSTRAP_TOKEN=$(generate_password)
+
 # Docker
 DOCKER_SOCKET=${DOCKER_SOCKET}
 DOCKER_GID=$(stat -c '%g' "${DOCKER_SOCKET}" 2>/dev/null || echo "0")
@@ -1088,6 +1091,7 @@ COMPOSEEOF
       CAMELEER_SERVER_CLICKHOUSE_URL: jdbc:clickhouse://clickhouse:8123/cameleer
       CAMELEER_SERVER_CLICKHOUSE_USERNAME: default
       CAMELEER_SERVER_CLICKHOUSE_PASSWORD: \${CLICKHOUSE_PASSWORD}
+      CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN: \${BOOTSTRAP_TOKEN}
       CAMELEER_SERVER_SECURITY_UIUSER: \${SERVER_ADMIN_USER:-admin}
       CAMELEER_SERVER_SECURITY_UIPASSWORD: \${SERVER_ADMIN_PASS:-admin}
       CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS: \${PUBLIC_PROTOCOL:-https}://\${PUBLIC_HOST:-localhost}