security: Remove hardcoded API keys from app.py #5

@nitinc264

Description

Currently, sensitive information (like the Google Gemini and OpenWeatherMap API keys) is hardcoded directly in app.py. This is a major security risk and must be fixed.

Why This Is Important:

  • It prevents our secret API keys from being exposed in version control (GitHub).
  • It reduces the risk of accidental leaks and unauthorized use of our keys.
  • It allows for safe deployment and separation of development/production environments.

Tasks:

  1. Remove all hardcoded secrets from app.py.
  2. Modify the Python code to load these secrets from environment variables (using os.environ.get()).
  3. Create a .env.example file in the root directory that shows which variables are needed (but not their values).
  4. Update the .gitignore file to ensure the .env file is never tracked.
  5. Update the README.md (in the "Installation" section) to explain that users must now create their own .env file from the example.

Acceptance Criteria:

  • No secret API keys exist in any tracked source code files.
  • The application correctly reads its configuration from environment variables.
  • The README.md and .gitignore files are updated accordingly.
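One way to implement tasks 2 and check acceptance criterion 1 in Python, as an added example that is not the project's own code: it assumes the two keys are named GEMINI_API_KEY and OPENWEATHERMAP_API_KEY (hypothetical names; the real app.py may use others), loads them with os.environ.get() and fails fast when one is missing, masks them for logging, and scans source text for a literal key assignment so CI can enforce that no secret is tracked.

```python
"""Load API keys from the environment instead of hardcoding them in app.py."""
import os
import re

# Assumed variable names for the two keys named in the issue; adjust to the project's.
REQUIRED_VARS = ("GEMINI_API_KEY", "OPENWEATHERMAP_API_KEY")


def load_config(environ=None):
    """Return a dict of required secrets, failing fast if any is missing or blank."""
    env = os.environ if environ is None else environ
    config, missing = {}, []
    for name in REQUIRED_VARS:
        value = env.get(name, "").strip()
        if value:
            config[name] = value
        else:
            missing.append(name)
    if missing:
        raise RuntimeError(
            "Missing environment variables: " + ", ".join(missing)
            + " (copy .env.example to .env and fill in your own keys)"
        )
    return config


def mask(secret):
    """Show only the last 4 characters so a key can appear in logs without leaking."""
    return "*" * max(len(secret) - 4, 0) + secret[-4:]


# Matches a literal assignment such as  GEMINI_API_KEY = "AIza..."  in source text.
# A .env.example line like  GEMINI_API_KEY=  (no value) deliberately does not match.
_HARDCODED = re.compile(
    r"(?i)\b(" + "|".join(REQUIRED_VARS) + r")\s*=\s*['\"][^'\"]{8,}['\"]"
)


def find_hardcoded_keys(source_text):
    """Return the variable names assigned a string literal in source_text.

    Run this over every tracked .py file (for example in CI or a pre-commit hook)
    to enforce the acceptance criterion that no secret lives in the repository.
    """
    return sorted({m.group(1).upper() for m in _HARDCODED.finditer(source_text)})


if __name__ == "__main__":
    for name, value in load_config().items():
        print(f"{name}={mask(value)}")
```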
