V63 Host Ready Audit

Checked:
- PHP syntax lint on all PHP files: OK
- Main public routes with PHP built-in server: OK
- Auth-protected routes redirect to login instead of throwing errors: OK
- Production error display disabled by default in config/app.php: OK
- Internal folders app, config, database and storage protected by root .htaccess: OK
- public/uploads blocks executable file types: OK
- Upload functions hardened for size and image MIME/extension checks: OK
- Fresh install SQL added: database/install_host_ready_v63.sql
- Existing database update SQL added: database/update_v63_host_ready.sql
- Host installation guide added: README_HOST_INSTALL_V63.md

Tested routes:
/
/events
/courses
/online
/event?demo=0
/event/sessions?demo=0
/event/seats?demo=0&session_id=9001
/artists
/artist?demo=0
/articles
/tickets
/login
/course?demo=4
/course/watch?demo=4
/watch?demo=3
/ticket/verify?code=demo
/admin
/admin/event-form
/producer
/dashboard