fix: handle unreadable admins.json in Docker and exclude from image

Use fs.accessSync to check read permissions before reading the config
file. If the file exists but isn't readable, log a warning and fall
through to the ADMIN_KEY fallback. Also add config/admins.json to
backend/.dockerignore to prevent it from being copied into the image.

Made-with: Cursor

backend/.dockerignore

@@ -0,0 +1,13 @@
+node_modules
+npm-debug.log
+.env
+.env.local
+*.db
+*.sqlite
+*.sqlite3
+data/
+.git
+.gitignore
+README.md
+config/admins.json
+

backend/config/load-admins.js

@@ -3,10 +3,19 @@ const path = require('path');
 
 const DEFAULT_CONFIG_PATH = path.join(__dirname, 'admins.json');
 
+function canRead(filePath) {
+  try {
+    fs.accessSync(filePath, fs.constants.R_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 function loadAdmins() {
   const configPath = process.env.ADMIN_CONFIG_PATH || DEFAULT_CONFIG_PATH;
 
-  if (fs.existsSync(configPath)) {
+  if (canRead(configPath)) {
     const raw = fs.readFileSync(configPath, 'utf-8');
     const admins = JSON.parse(raw);
 
@@ -35,6 +44,10 @@ function loadAdmins() {
     return admins;
   }
 
+  if (fs.existsSync(configPath) && !canRead(configPath)) {
+    console.warn(`[Auth] Config file exists at ${configPath} but is not readable, skipping`);
+  }
+
   if (process.env.ADMIN_KEY) {
     console.log('[Auth] No admins config file found, falling back to ADMIN_KEY env var');
     return [{ name: 'Admin', key: process.env.ADMIN_KEY }];