Document security and credential management in main docs

Updated README.md:
- Added prominent security warning about config.yaml containing secrets
- Clarified that config.yaml is gitignored and never committed
- Added step-by-step Quick Start with security notes
- Added "Security Note" section listing protected files
- Added Documentation section linking to all guides including SECURITY.md
- Added note about API keys stored in ~/.llm/keys.json

Updated QUICKSTART.md:
- Added security warning box when copying config.yaml
- Explained that file contains secrets and is gitignored
- Added reference to SECURITY.md for complete guidance

Updated MASTODON_SETUP.md:
- Added prominent link to SECURITY.md at top of Security Considerations
- Clarified that credential files are gitignored
- Added note about *_clientcred.secret and *_usercred.secret files

All documentation now clearly explains:
- Where secrets go (config.yaml, ~/.llm/keys.json)
- What's protected by .gitignore
- Where to find complete security information (SECURITY.md)
- How to safely configure the bot

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Nathan Schneider
2026-02-06 17:26:43 -07:00
parent ff5ac21f68
commit 98eef7bf5c
3 changed files with 66 additions and 9 deletions


@@ -32,11 +32,16 @@ pip install -e .
# Copy example config
cp config/config.example.yaml config/config.yaml
# Edit with your settings
# At minimum, update the AI model configuration
# Edit with your credentials and settings
nano config/config.yaml
```
**⚠️ IMPORTANT - Security Notice**:
- `config/config.yaml` contains your secrets (API tokens, passwords)
- This file is automatically gitignored - it will NEVER be committed
- Never share this file or commit it to version control
- See [SECURITY.md](SECURITY.md) for complete security guidance
For local models with Ollama:
```yaml
ai:
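Review bot: The added security notice's line "This file is automatically gitignored - it will NEVER be committed" overstates what .gitignore guarantees. An ignore rule only keeps untracked files from being staged by default, so `git add -f config/config.yaml`, or a copy that was tracked before the rule existed, would still be committed. Suggest wording along the lines of "This file is listed in .gitignore, so git will not stage it by default". Since the notice says the file holds API tokens and passwords, also consider adding a `chmod 600 config/config.yaml` step after the `cp` line so the copy is not readable by other local users.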