/setup makes it very likely that the developer will check secrets into git #2

@napoleond

The /setup command currently interpolates the ATXP connection string—which is a secret—into the mcp json template and injects all of it into the project's .mcp.json file.

It's quite likely that this file would get checked into git, causing the secret to be checked into git—not good!

Could we change /setup so that it adds the ATXP connection string to an environment variable and then uses that environment variable in the JSON file? The script should still write .mcp.json into the project root if it doesn't exist, or merge the new MCP servers into it if it does.
