fix(gateway): remove no-verify SSL context from proxy (#7)

All internal services use plain HTTP (Docker network). The
_internal_ssl_ctx with disabled cert verification was a no-op
for HTTP URLs but suggested TLS bypass was in use.

- Removed _internal_ssl_ctx from config.py
- Removed ssl import from config.py
- proxy.py now calls urlopen() without context parameter
- External calls (OpenAI, SMTP2GO, Open Library) already use
  default TLS verification

Verified: dashboard, trips, fitness, budget, inventory all respond correctly.

gateway/config.py

@@ -3,7 +3,6 @@ Platform Gateway — Configuration constants and environment variables.
 """
 
 import os
-import ssl
 from pathlib import Path
 
 # ── Server ──
@@ -62,9 +61,7 @@ SESSION_MAX_AGE = int(os.environ.get("SESSION_MAX_AGE", 30 * 86400))  # 30 days
 # ── Ensure data dir exists ──
 DATA_DIR.mkdir(parents=True, exist_ok=True)
 
-# ── SSL contexts ──
-# Internal: skip verification for Docker-internal services (no valid certs)
-_internal_ssl_ctx = ssl.create_default_context()
-_internal_ssl_ctx.check_hostname = False
-_internal_ssl_ctx.verify_mode = ssl.CERT_NONE
+# Note: All internal services use plain HTTP (Docker network).
+# No custom SSL context needed. External calls (OpenAI, SMTP2GO, Open Library)
+# use default TLS verification.