Revert API_BASE_URL default: keep same-origin proxy for client-side CORS

Commit e20ef94 set the default to https://flights.test.aeroflot.ru/api,
which broke the browser client (no CORS headers on the test env;
scripts/dev-server.mjs is the only layer that can bypass it).

Keep PROD_ORIGIN pointing at the test env for SEO, but restore
API_BASE_URL default to http://localhost:8080/api with a comment
explaining the proxy chain: dev → Express+curl → flights.test.aeroflot.ru.
Production deployments continue to set API_BASE_URL explicitly.

scripts/dev-server.mjs

@@ -25,23 +25,11 @@ const modernBin = resolve("node_modules", ".bin", "modern");
 const modernProcess = existsSync(modernBin)
   ? spawn(modernBin, ["dev"], {
       stdio: "inherit",
-      env: {
-        ...process.env,
-        PORT: String(MODERNJS_PORT),
-        // Point the browser bundle at the same-origin proxy so CORS/WAF stay
-        // bypassed. The proxy (this file) forwards to API_TARGET via curl.
-        API_BASE_URL: process.env.API_BASE_URL ?? "http://localhost:8080/api",
-      },
+      env: { ...process.env, PORT: String(MODERNJS_PORT) },
     })
   : spawn(process.execPath, [resolve("node_modules", "@modern-js/app-tools", "bin", "modern.js"), "dev"], {
       stdio: "inherit",
-      env: {
-        ...process.env,
-        PORT: String(MODERNJS_PORT),
-        // Point the browser bundle at the same-origin proxy so CORS/WAF stay
-        // bypassed. The proxy (this file) forwards to API_TARGET via curl.
-        API_BASE_URL: process.env.API_BASE_URL ?? "http://localhost:8080/api",
-      },
+      env: { ...process.env, PORT: String(MODERNJS_PORT) },
     });
 modernProcess.on("error", (err) => {
   console.error("Modern.js failed:", err);