feat: Switch all .env files to use age

default.nix

@@ -46,7 +46,6 @@ let
   
   # Get secret paths from age configuration (if configured)
   envFile = config.age.secrets.usda-vision-env.path or null;
-  azureEnvFile = config.age.secrets.usda-vision-azure-env.path or null;
 in
 
 {
@@ -151,7 +150,7 @@ in
       
       serviceConfig = {
         WorkingDirectory = "/var/lib/supabase";
-        EnvironmentFile="/var/lib/usda-vision/.env";
+        EnvironmentFile = envFile;
         ExecStart = "${pkgs.supabase-cli}/bin/supabase start";
         ExecStop = "${pkgs.supabase-cli}/bin/supabase stop";
         Type = "oneshot";
@@ -191,13 +190,7 @@ in
           cp ${envFile} /var/lib/usda-vision/.env
           chmod 644 /var/lib/usda-vision/.env
         ''}
-        
-        ${lib.optionalString (azureEnvFile != null) ''
-          echo "Copying Azure environment file from ragenix-managed secret..."
-          cp ${azureEnvFile} /var/lib/usda-vision/.env.azure
-          chmod 644 /var/lib/usda-vision/.env.azure
-        ''}
-        
+       
         # Fallback: use example file if no secrets provided
         ${lib.optionalString (envFile == null) ''
           if [ ! -s /var/lib/usda-vision/.env ]; then