chore: rename quicproquo → quicprochat in docs, Docker, CI, and packaging

Rename all project references from quicproquo/qpq to quicprochat/qpc
across documentation, Docker configuration, CI workflows, packaging
scripts, operational configs, and build tooling.

- Docker: crate paths, binary names, user/group, data dirs, env vars
- CI: workflow crate references, binary names, artifact names
- Docs: all markdown files under docs/, SDK READMEs, book.toml
- Packaging: OpenWrt Makefile, init script, UCI config (file renames)
- Scripts: justfile, dev-shell, screenshot, cross-compile, ai_team
- Operations: Prometheus config, alert rules, Grafana dashboard
- Config: .env.example (QPQ_* → QPC_*), CODEOWNERS paths
- Top-level: README, CONTRIBUTING, ROADMAP, CLAUDE.md

docs/PRODUCTION-READINESS-AUDIT.md

@@ -1,6 +1,6 @@
 # Production Readiness Audit
 
-This document summarizes issues and fixes needed to get quicproquo production-ready, based on a codebase review. It aligns with the existing [Production Readiness WBS](src/roadmap/production-readiness.md) and [Coding Standards](src/contributing/coding-standards.md).
+This document summarizes issues and fixes needed to get quicprochat production-ready, based on a codebase review. It aligns with the existing [Production Readiness WBS](src/roadmap/production-readiness.md) and [Coding Standards](src/contributing/coding-standards.md).
 
 ---
 
@@ -10,7 +10,7 @@ This document summarizes issues and fixes needed to get quicproquo production-re
 
 - **README and example config** use `auth_token = "devtoken"` and `db_key = ""`.
 - **Risk:** Deploying with default/example config allows weak or no auth and unencrypted DB.
-- **Fix:** Require explicit `QPQ_AUTH_TOKEN` (or config) in production; reject empty or `"devtoken"` when a production mode/env is set. Document that `db_key` empty disables SQLCipher and is not acceptable for production.
+- **Fix:** Require explicit `QPC_AUTH_TOKEN` (or config) in production; reject empty or `"devtoken"` when a production mode/env is set. Document that `db_key` empty disables SQLCipher and is not acceptable for production.
 
 ### 2. **Database encryption optional**
 
@@ -19,15 +19,15 @@ This document summarizes issues and fixes needed to get quicproquo production-re
 
 ### 3. **Secrets and generated files not ignored**
 
-- **`.gitignore`** does not include `data/`, so `data/server-cert.der`, `data/server-key.der`, and `data/qpq.db` could be committed.
+- **`.gitignore`** does not include `data/`, so `data/server-cert.der`, `data/server-key.der`, and `data/qpc.db` could be committed.
 - **Fix:** Add `data/` (and any other dirs that hold certs, keys, or DBs) to `.gitignore`. Consider adding `*.der` and `*.db` if used only for local/dev.
 
 ### 4. **Dockerfile out of sync with workspace**
 
-- **Workspace** has 5 members including `crates/quicproquo-p2p`.
-- **Dockerfile** only copies 4 crate manifests and creates stub dirs for those 4; it never copies `quicproquo-p2p`.
-- **Result:** `cargo build --release --bin quicproquo-server` can fail (missing workspace member) or behave inconsistently.
-- **Fix:** Add `COPY crates/quicproquo-p2p/Cargo.toml` and a stub `crates/quicproquo-p2p/src` (or equivalent) in the dependency-cache layer so the workspace resolves. Ensure the final `COPY crates/ crates/` still brings in real p2p source.
+- **Workspace** has 5 members including `crates/quicprochat-p2p`.
+- **Dockerfile** only copies 4 crate manifests and creates stub dirs for those 4; it never copies `quicprochat-p2p`.
+- **Result:** `cargo build --release --bin quicprochat-server` can fail (missing workspace member) or behave inconsistently.
+- **Fix:** Add `COPY crates/quicprochat-p2p/Cargo.toml` and a stub `crates/quicprochat-p2p/src` (or equivalent) in the dependency-cache layer so the workspace resolves. Ensure the final `COPY crates/ crates/` still brings in real p2p source.
 
 ### 5. **E2E test failing (rustls CryptoProvider)**
 
@@ -41,7 +41,7 @@ This document summarizes issues and fixes needed to get quicproquo production-re
 
 ### 6. **Panic risk in client RPC path**
 
-- **`quicproquo-client/src/lib.rs`:** `set_auth()` uses `.expect("init_auth must be called with a non-empty token before RPCs")`. If RPC is called without `init_auth`, the process panics.
+- **`quicprochat-client/src/lib.rs`:** `set_auth()` uses `.expect("init_auth must be called with a non-empty token before RPCs")`. If RPC is called without `init_auth`, the process panics.
 - **Fix:** Replace with a `Result` or an error return (e.g. a dedicated error type) so callers get a recoverable error instead of a panic. Document that `init_auth` must be called before RPCs.
 
 ### 7. **Mutex `.unwrap()` in production paths**
@@ -95,7 +95,7 @@ This document summarizes issues and fixes needed to get quicproquo production-re
 ### 15. **Docker image runs as `nobody`**
 
 - **Dockerfile** uses `USER nobody`. Good for not running as root, but `nobody` may not have a writable home or data dir.
-- **Fix:** Ensure `QPQ_DATA_DIR` (and cert paths) point to a directory writable by `nobody`, or create a dedicated user/group with a known UID and use that in the Dockerfile and docs.
+- **Fix:** Ensure `QPC_DATA_DIR` (and cert paths) point to a directory writable by `nobody`, or create a dedicated user/group with a known UID and use that in the Dockerfile and docs.
 
 ---