fix: some issue after deploying apps #34

Merged
GTPSHAX merged 36 commits into NgodingCik:main from GTPSHAX:main
May 4, 2026
Conversation

Contributor

@GTPSHAX GTPSHAX commented May 4, 2026

Summary

This PR introduces several improvements and standardizations across both the API and Web applications, focusing on environment variable management, CORS handling, deployment configuration, and security headers. The main goals are to make CORS configuration more flexible, unify environment variable usage, enhance deployment compatibility, and improve security policies.

Key Changes

  • Environment Variable Standardization: Replaced APP_ORIGIN_URL and OPENAI_API_BASE_URL with APP_ORIGIN_HOSTS (comma-separated for CORS origins) and OPENAI_BASE_URL, updating all relevant .env examples and schemas.
  • CORS and Middleware Enhancements: Refactored CORS middleware to support multiple allowed origins and updated Helmet configurations to include trusted CDN hosts and dynamic connect-src based on APP_API_BASE_URL.
  • Deployment and Startup Improvements: Added boot.js entry points to ensure consistent dotenv loading and updated package.json scripts to use these entry points.
  • Vercel Integration: Added vercel.json configuration for the API application to support seamless deployment on Vercel with specific build and rewrite rules.
  • Path Resolution Fixes: Corrected path resolution in the stripconsole.js middleware using __dirname to ensure public assets are located correctly.

Why this is necessary

As the project scales and moves toward varied deployment environments, the current monolithic and rigid configuration becomes a bottleneck. This update allows for:

  1. Flexible Environment Handling: Supporting multiple CORS origins and unified naming conventions reduces configuration errors across different stages (dev, staging, prod).
  2. Enhanced Security: Moving to a dynamic Content Security Policy (CSP) and more granular Helmet settings protects the application against modern web vulnerabilities.
  3. Deployment Reliability: Standardized boot sequences via boot.js and dedicated Vercel configurations ensure the apps run consistently regardless of the hosting provider.

How to Test

  1. Environment Setup: Update your .env file to replace APP_ORIGIN_URL with APP_ORIGIN_HOSTS (e.g., localhost,myapp.com).
  2. Verify Boot Sequence: Run npm install and then npm run dev or npm start to ensure boot.js correctly initializes the environment variables.
  3. CORS Validation: Trigger API requests from multiple origins listed in your APP_ORIGIN_HOSTS to verify that headers are being set correctly and debug logs are accurate.
  4. Check Security Headers: Inspect the network tab in your browser to confirm that the Content-Security-Policy and X-Frame-Options reflect the new Helmet configurations.

GTPSHAX added 30 commits May 4, 2026 07:54
@GTPSHAX GTPSHAX self-assigned this May 4, 2026
@GTPSHAX GTPSHAX added the enhancement New feature or request label May 4, 2026
@GTPSHAX GTPSHAX merged commit 105efdd into NgodingCik:main May 4, 2026
1 check passed
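
The CORS validation step in "How to Test" can be checked against a strict host allowlist. The following is an added example, not code from this PR or the project: the function names are hypothetical, and it assumes `APP_ORIGIN_HOSTS` holds bare hostnames (as in the `localhost,myapp.com` example above) that are matched exactly against the hostname of the request's `Origin` header, with any port accepted.

```javascript
// Added example: hypothetical helpers, not the project's middleware.
// Assumption: APP_ORIGIN_HOSTS is a comma-separated list of bare hostnames.

function parseAllowedHosts(envValue) {
  return new Set(
    String(envValue || '')
      .split(',')
      .map((h) => h.trim().toLowerCase())
      .filter((h) => h.length > 0) // a trailing comma or "a,,b" must not allow ""
  );
}

// Returns the normalized origin to echo back, or null if it is not allowed.
function matchAllowedOrigin(originHeader, allowedHosts) {
  if (typeof originHeader !== 'string' || originHeader === 'null') return null;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return null; // not a parseable origin
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Exact hostname match only: includes()/endsWith() would also accept
  // lookalike hosts such as "notmyapp.com" or "myapp.com.example.net".
  return allowedHosts.has(url.hostname.toLowerCase()) ? url.origin : null;
}

function corsHeadersFor(originHeader, allowedHosts) {
  const origin = matchAllowedOrigin(originHeader, allowedHosts);
  // Vary: Origin keeps shared caches from serving one origin's response to another.
  const headers = { Vary: 'Origin' };
  if (origin !== null) headers['Access-Control-Allow-Origin'] = origin;
  return headers;
}

// Constructed sample input (not taken from the project).
const allowed = parseAllowedHosts(' localhost, MyApp.com ,, ');
const samples = [
  'http://localhost:3000',
  'https://myapp.com',
  'https://myapp.com.example.net',
  'https://notmyapp.com',
  'null',
];
for (const o of samples) {
  console.log(o, '->', JSON.stringify(corsHeadersFor(o, allowed)));
}
```

Only the first two constructed origins receive an `Access-Control-Allow-Origin` header; the lookalike hosts and the `null` origin get `Vary: Origin` alone.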