chore: no skipping keystore encryption in docs by default

[LesnyRumcajs]

Summary of changes

Changes introduced in this pull request:

• docs should not encourage skipping encryption (even if we all do it anyway!)

Reference issue to close (if applicable)

Closes #6548

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

• I have read and agree to the CONTRIBUTING document.
• I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

• Documentation
  • Updated CLI command examples to remove explicit keystore-encryption disabling across mainnet, calibnet, snapshot import and RPC-filtering guides.
  • Revised README executable example to match simplified command usage.
  • Added a warning note clarifying keystore encryption must not be disabled in production.

[coderabbitai]

Walkthrough

Removed explicit --encrypt-keystore false flags from CLI examples in documentation, and added a brief caution in JWT handling docs advising against disabling keystore encryption in production. No code or functional changes.

Changes

Cohort / File(s)	Summary
CLI examples AGENTS.md, README.md, docs/docs/users/guides/methods_filtering.md	Removed --encrypt-keystore false from Forest CLI examples; examples now rely on default keystore encryption and in one README example show --auto-download-snapshot without the explicit flag.
Security note docs/docs/users/knowledge_base/jwt_handling.md	Added one-sentence clarification within a danger note warning that keystore encryption should not be disabled in production.

Sequence Diagram(s)

(Skipped — changes are documentation-only and do not introduce new multi-component control flow.)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• hanabi1224
• akaladarshi

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Linked Issues check	❓ Inconclusive	The PR addresses most of issue #6548's objectives by removing --encrypt-keystore false from AGENTS.md, README.md, methods_filtering.md, and jwt_handling.md, but appears incomplete as only 4-5 of the 6 affected files are modified.	Verify whether all 6 affected files (README.md, AGENTS.md, methods_filtering.md, install.md, trace_call_guide.md, state_migration_guide.md) have been updated, or clarify if some changes are planned separately.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: removing --encrypt-keystore false from documentation examples to promote security best practices.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to removing --encrypt-keystore false from documentation examples and adding clarifying notes about keystore encryption security, which aligns with issue #6548 objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch no-encrypt-keystore-false-in-user-docs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@README.md`:
- Around line 233-236: Search the repository for all occurrences of the literal
flag "--encrypt-keystore false" (including the ones noted in README.md and docs)
and remove them; instead update those docs to instruct users to omit the
insecure flag and to use secure keystore encryption via environment variables
such as FOREST_KEYSTORE_PHRASE or a secrets manager (or show the proper CLI
usage without the insecure flag), and update any example commands or guides that
referenced the flag to demonstrate setting FOREST_KEYSTORE_PHRASE or using a
secrets workflow.