Add GrampsWeb admin user creation to production compose (STI-90)

Add startup script that creates an admin user on first boot when no
users exist yet. Uses the same approach as compose.dev.yml. Credentials
are configurable via GRAMPSWEB_ADMIN_EMAIL and GRAMPSWEB_ADMIN_PASSWORD
environment variables with secure defaults.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compose.yml

@@ -215,6 +215,33 @@ services:
       GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://redis:6379/0"
       GRAMPSWEB_RATELIMIT_STORAGE_URI: "redis://redis:6379/1"
       GRAMPSWEB_BASE_URL: ${GRAMPSWEB_BASE_URL:-https://ahnenforschung.vhtv-stiftung.de}
+      GRAMPSWEB_ADMIN_EMAIL: ${GRAMPSWEB_ADMIN_EMAIL:-admin@vhtv-stiftung.de}
+      GRAMPSWEB_ADMIN_PASSWORD: ${GRAMPSWEB_ADMIN_PASSWORD:-nHcPMjEKORwqGxEO}
+    command:
+      - sh
+      - -c
+      - |
+        echo "[grampsweb] Ensuring admin user exists ..."
+        python3 << 'PYEOF' 2>&1 | grep -v Gtk
+        from gramps_webapi.app import create_app
+        from gramps_webapi.auth import add_user, get_number_users, ROLE_OWNER
+        import os
+        email = os.environ.get('GRAMPSWEB_ADMIN_EMAIL', '')
+        pw = os.environ.get('GRAMPSWEB_ADMIN_PASSWORD', '')
+        if email and pw:
+            app = create_app()
+            with app.app_context():
+                if get_number_users() == 0:
+                    add_user(name='Admin', email=email, password=pw, role=ROLE_OWNER)
+                    print('[grampsweb] Admin user created')
+                else:
+                    print('[grampsweb] Users already exist, skipping')
+        else:
+            print('[grampsweb] No admin credentials configured, skipping')
+        PYEOF
+        exec gunicorn -w $${GUNICORN_NUM_WORKERS:-4} -b 0.0.0.0:5000 \
+          gramps_webapi.wsgi:app --timeout $${GUNICORN_TIMEOUT:-120} \
+          --limit-request-line 8190
     volumes:
       - gramps_users:/app/users
       - gramps_index:/app/indexdir