Move secrets to environment variables and modernize codebase

[Copilot]

Hardcoded API credentials are now loaded from .env file with validation on startup.

Before:

API_KEY = ""  # your last.fm API key
API_SECRET = ""  # your last.fm API secret
SPOTIPY_CLIENT_ID = ""  # your spotify API key
SPOTIPY_CLIENT_SECRET = ""  # your spotify API secret
offset = 22813

After:

load_dotenv()
API_KEY = os.getenv("LASTFM_API_KEY")
API_SECRET = os.getenv("LASTFM_API_SECRET")
# ... with validation that exits gracefully if missing

Changes:

• Added python-dotenv dependency for .env file support
• Created .env.example with credential documentation and API links
• Validate required environment variables on startup with helpful error messages
• Modernized file operations: os.path → pathlib.Path
• Fixed mutable default argument anti-pattern: timestamp=time.time() → timestamp=None
• Added if __name__ == "__main__" module guard
• Removed duplicate imports (time, webbrowser imported twice)
• Fixed Python version requirement: >=3.14 → >=3.8
• Updated README with setup instructions

Original prompt

Move all of the secrets into an env file, and modernise code where necessary

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.