Addresses 11 actionable review comments from the v2.0.0 preparation PR focusing on security hardening, environment reproducibility, and test infrastructure improvements.

Security & Git Hygiene

• Removed committed .env file (conflicts with .gitignore, contains default credentials)
• Fixed ext-PDO → ext-pdo in composer.json (Composer convention)

Docker & CI/CD

• Pinned phpMyAdmin to 5.2 (removed :latest for reproducibility)
• Fixed release workflow git config (user.name set twice instead of user.email)

Test Infrastructure

• Removed redundant require 'vendor/autoload.php' from test files (already bootstrapped)
• Replaced exit(1) with $this->fail() in test setUp (proper PHPUnit error handling)
• Gated debug output behind DBDIFF_DEBUG env var to reduce CI noise

Shell Scripts

• Fixed encoding issue in stop.sh banner (replacement character → emoji)
• Removed local keyword used outside function in start.sh (bash error in interactive mode)

Example of debug output change:

// Before: unconditional noise in CI
echo "\nDEBUG: DB_HOST environment variable: " . $host;

// After: opt-in debugging
if (getenv('DBDIFF_DEBUG') === 'true') {
    echo "\nDEBUG: DB_HOST environment variable: " . $host;
}

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.