fix: Modify the example to avoid misunderstanding

[km0e]

In the section On a separate domain, it may be misleading to see that ALLOWED_HOSTS is set to some domain names. Although the domain names here refer to URLs, it is recommended to modify them slightly.

[paskal]

Will check against the spec and get back with review.

[paskal]

Found relevant documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy#host-source

[paskal]

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

Additional verification: The change to add https:// protocol prefix to domains in the ALLOWED_HOSTS example is correct according to:

• CSP frame-ancestors specification which allows scheme + hostname format
• The existing test in backend/app/rest/api/rest_test.go which uses https://example.com format

🤖 Generated with Claude Code

_{- If this code review was useful, please react with 👍. Otherwise, react with 👎.}