Fix MSAL config: hardcode IDs + pass as Docker build args

NEXT_PUBLIC_* vars are baked at Next.js build time but were not
available during Docker build (web service had no env_file/build args).
Hardcode IDs as fallback in msalConfig.ts, also wire AZURE_AD_*
through Dockerfile ARGs and docker-compose build args.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docker-compose.yml

@@ -72,6 +72,9 @@ services:
     build:
       context: ./frontend
       dockerfile: Dockerfile
+      args:
+        AZURE_AD_TENANT_ID: ${AZURE_AD_TENANT_ID:-e519c2e6-bc6d-4fdf-8d9c-923c2f002385}
+        AZURE_AD_CLIENT_ID: ${AZURE_AD_CLIENT_ID:-9079054c-9620-4757-a256-23413042f1ef}
     ports:
       - "3000:3000"
     environment:

frontend/Dockerfile

@@ -5,6 +5,10 @@ COPY package.json package-lock.json ./
 RUN npm ci
 COPY . .
 ENV API_INTERNAL_URL=http://api:8000
+ARG AZURE_AD_TENANT_ID
+ARG AZURE_AD_CLIENT_ID
+ENV NEXT_PUBLIC_AZURE_TENANT_ID=$AZURE_AD_TENANT_ID
+ENV NEXT_PUBLIC_AZURE_CLIENT_ID=$AZURE_AD_CLIENT_ID
 RUN npm run build
 
 FROM node:20-alpine

frontend/lib/msalConfig.ts

@@ -1,9 +1,14 @@
 import { Configuration, PopupRequest } from '@azure/msal-browser';
 
+const TENANT_ID =
+  process.env.NEXT_PUBLIC_AZURE_TENANT_ID || 'e519c2e6-bc6d-4fdf-8d9c-923c2f002385';
+const CLIENT_ID =
+  process.env.NEXT_PUBLIC_AZURE_CLIENT_ID || '9079054c-9620-4757-a256-23413042f1ef';
+
 export const msalConfig: Configuration = {
   auth: {
-    clientId: process.env.NEXT_PUBLIC_AZURE_CLIENT_ID!,
-    authority: `https://login.microsoftonline.com/${process.env.NEXT_PUBLIC_AZURE_TENANT_ID}`,
+    clientId: CLIENT_ID,
+    authority: `https://login.microsoftonline.com/${TENANT_ID}`,
     redirectUri:
       typeof window !== 'undefined'
         ? `${window.location.origin}/ppt-tool/login`