docs(api-gateway): clarify Kong database configuration details

- Added Kong database configuration section to README.md
- Documented that Kong database username and database name are hardcoded as 'kong'
- Clarified that only password is configurable via KONG_PG_PASSWORD
- Added security warnings about changing password in production
- Updated .env.example with detailed comments about Kong database config

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

backend/api-gateway/.env.example

@@ -15,7 +15,10 @@
 # Kong Database Configuration
 # =============================================================================
 # PostgreSQL password for Kong database
+# NOTE: Kong uses hardcoded database username 'kong' and database name 'kong'
+#       Only the password is configurable via this variable
 # SECURITY: Change this in production!
+# Example command to generate: openssl rand -base64 32
 KONG_PG_PASSWORD=kong_password
 
 # =============================================================================

backend/api-gateway/README.md

@@ -168,6 +168,20 @@ sudo ./install.sh yourdomain.com
 
 \* 仅在使用监控时需要
 
+### Kong 数据库配置说明
+
+Kong 使用 PostgreSQL 作为数据存储，数据库配置如下：
+
+- **数据库用户名**: `kong` (硬编码，不可修改)
+- **数据库名称**: `kong` (硬编码，不可修改)
+- **数据库密码**: 通过 `.env` 中的 `KONG_PG_PASSWORD` 配置（**生产环境必须修改**）
+- **数据库初始化**: Kong 容器启动时自动执行 `kong migrations bootstrap`，无需手动创建数据库或表结构
+
+**重要提示**:
+- Kong 的数据库用户名和数据库名都是固定为 `kong`，这是 Kong 的设计，无法通过环境变量修改
+- 只有密码可以通过 `KONG_PG_PASSWORD` 自定义
+- 生产环境部署时，务必修改 `KONG_PG_PASSWORD` 为强密码
+
 ### 生成安全密码
 
 ```bash