Fix environment variable handling for production deployment

- Update settings.py to support both ALLOWED_HOSTS and DJANGO_ALLOWED_HOSTS
- Add production CSRF_TRUSTED_ORIGINS for vhtv-stiftung.de
- Update env-template.txt with production variable examples
- Improve compatibility between development and production environments

deploy-production/nginx.conf

@@ -9,8 +9,7 @@ server {
     add_header Referrer-Policy "no-referrer-when-downgrade" always;
     add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
 
-    # Rate limiting
-    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/m;
+    # Rate limiting (apply the zone, don't define it here)
     limit_req zone=one burst=20 nodelay;
 
     # Static files