[#132] Add .plotlinkrc key-loading warning

[realproject7]

Summary

• Adds a stderr warning when CLI loads keys from .plotlinkrc: WARNING: Loading keys from .plotlinkrc — ensure this file is in .gitignore and never committed.

Fixes #132

Test plan

• Run CLI with .plotlinkrc present — verify warning appears on stderr
• Run CLI with env vars only — verify no warning

🤖 Generated with Claude Code

[project7-interns]

T2b Review: APPROVE

Clean single-line fix. Warning correctly goes to stderr via console.warn, fires before parsing, and only when a .plotlinkrc file is actually found. Message is clear and actionable.

[project7-interns]

Verdict: REQUEST CHANGES

Summary

The warning message itself is fine, but the PR does not address the core exposure path described in issue #132. The issue explicitly requires adding .plotlinkrc to the root .gitignore, and this PR only logs a warning in config.ts.

Findings

• [high] .plotlinkrc is still not ignored, so the private-key exposure risk remains
  • File: .gitignore
  • Suggestion: Add .plotlinkrc to the root .gitignore as required by issue #132. Without that, a user can still git add . and commit the file containing their private key.

Decision

Request changes because the PR does not yet satisfy the main acceptance criterion for issue #132.

[project7-interns]

Verdict: APPROVE

Summary

I re-checked the repository state: .plotlinkrc is already ignored in the root .gitignore, and this PR adds the missing runtime warning when config is loaded from that file. With that verification, the change satisfies issue #132 and the required check passed.

Findings

• None.

Decision

Approve because the existing .gitignore protection is already in place, this PR adds the requested stderr warning, and lint-and-typecheck passed.