Document security and credential management in main docs

Updated README.md:
- Added prominent security warning about config.yaml containing secrets
- Clarified that config.yaml is gitignored and never committed
- Added step-by-step Quick Start with security notes
- Added "Security Note" section listing protected files
- Added Documentation section linking to all guides including SECURITY.md
- Added note about API keys stored in ~/.llm/keys.json

Updated QUICKSTART.md:
- Added security warning box when copying config.yaml
- Explained that file contains secrets and is gitignored
- Added reference to SECURITY.md for complete guidance

Updated MASTODON_SETUP.md:
- Added prominent link to SECURITY.md at top of Security Considerations
- Clarified that credential files are gitignored
- Added note about *_clientcred.secret and *_usercred.secret files

All documentation now clearly explains:
- Where secrets go (config.yaml, ~/.llm/keys.json)
- What's protected by .gitignore
- Where to find complete security information (SECURITY.md)
- How to safely configure the bot

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

README.md

@@ -65,13 +65,42 @@ uv pip install -e .
 uv pip install -e ".[dev]"
 ```
 
-## Configuration
+## Quick Start
 
-1. Copy `config/config.example.yaml` to `config/config.yaml`
-2. Edit with your settings:
-   - Mastodon instance URL and credentials
-   - AI model preferences (local/cloud)
-   - Path to your constitution file
+### 1. Install Dependencies (above)
+
+### 2. Configure (Credentials Required)
+
+```bash
+# Copy the template
+cp config/config.example.yaml config/config.yaml
+
+# Edit with your credentials
+nano config/config.yaml
+```
+
+**⚠️ IMPORTANT**: `config/config.yaml` contains your secrets and is automatically ignored by git. Never commit this file.
+
+Configure:
+- Platform credentials (Mastodon access tokens, Discord bot tokens, etc.)
+- AI model settings (Ollama local models or cloud API keys)
+- Constitution path and database location
+
+For detailed setup instructions:
+- **Mastodon**: See [MASTODON_SETUP.md](MASTODON_SETUP.md)
+- **Security**: See [SECURITY.md](SECURITY.md) for credential management
+
+### 3. Set AI API Keys (if using cloud models)
+
+```bash
+# For OpenAI
+llm keys set openai
+
+# For Anthropic Claude
+llm keys set anthropic
+```
+
+These are stored securely in `~/.llm/keys.json` (also gitignored)
 
 ## Usage
 
@@ -94,6 +123,24 @@ Your constitution should be a markdown file that describes:
 
 See `constitution.md` for an example based on Social.coop's bylaws.
 
+## Documentation
+
+- **[QUICKSTART.md](QUICKSTART.md)** - Get started quickly with CLI testing
+- **[MASTODON_SETUP.md](MASTODON_SETUP.md)** - Complete Mastodon deployment guide
+- **[PLATFORMS.md](PLATFORMS.md)** - Guide for implementing new platform adapters
+- **[SECURITY.md](SECURITY.md)** - Credential management and security best practices
+- **[constitution.md](constitution.md)** - Example governance constitution
+
+## Security Note
+
+**Never commit these files** (already in `.gitignore`):
+- `config/config.yaml` - Contains your credentials
+- `govbot.db` - Your governance database
+- `.env` files - Environment variables
+- `*.token`, `*.key`, `*.secret` files
+
+See [SECURITY.md](SECURITY.md) for complete security guide.
+
 ## Development Status
 
 This is early-stage software. Current phase: Core infrastructure and agentic reasoning engine.
@@ -105,3 +152,5 @@ This is early-stage software. Current phase: Core infrastructure and agentic rea
 ## Contributing
 
 This project is in early development. Contributions and feedback welcome!
+
+**For platform developers**: See [PLATFORMS.md](PLATFORMS.md) to add support for Discord, Telegram, Matrix, or other platforms.