docs(lfs): align gh-pages with PR #139 breaking changes

[kamir]

Summary

Companion to KafScale/platform#139. Updates the three LFS docs on gh-pages so they reflect the breaking changes shipping in #139 — per @novatechflow's request to keep gh-pages in sync with main.

What changed

File	Changes
_docs/lfs-proxy.md	Env vars LFS_* → KAFSCALE_LFS_PROXY_* (the actual names in cmd/proxy/lfs.go). Bucket example kafscale → my-bucket. Endpoint POST /v1/topics/{topic}/records → real POST /lfs/produce. New "Trust model and integrity verification" section documenting buffer-then-verify download, required integrity.sha256 + integrity.size on stream mode, presign opt-in (KAFSCALE_LFS_PROXY_PRESIGN_ENABLED), and all new error codes (integrity_failure, missing_integrity_size, payload_too_large, presign_disabled).
_docs/lfs-helm.md	bucket: kafscale → my-bucket, with explanatory comment about the kafscale-lfs startup blocklist.
_docs/lfs-sdks.md	Bucket example kafscale → my-bucket. Resolve() example annotated: SDK populates integrity claim from envelope; proxy verifies bytes before streaming. Trust-model callout linking to the LFS Proxy doc.

Test plan

• bundle exec jekyll build succeeds (no broken internal links)
• Page renders cleanly on the staging preview
• All four new error codes (integrity_failure, missing_integrity_size, payload_too_large, presign_disabled) appear in the rendered error table
• /lfs-proxy/#trust-model-and-integrity-verification anchor resolves from the _docs/lfs-sdks.md callout

Notes

• Mergeable independently of PR fix(security): block S3 bucket takeover via unsafe example defaults #139 — the doc updates describe code that has not yet shipped on main, but matches the published OpenAPI in fix(security): block S3 bucket takeover via unsafe example defaults #139. If preferred we can hold this until fix(security): block S3 bucket takeover via unsafe example defaults #139 merges; just say.
• No structural / navigation changes; only content edits to existing pages.

🤖 Generated with Claude Code

[kamir]

Pushed follow-up commit 3ae607f to remove the remaining docs drift.

What changed:

• Updated the LFS envelope and object-key examples to match the current kfs_lfs/bucket/key/size/sha256 schema and default/topic/lfs/date/obj-* key shape.
• Corrected the Go SDK example to use the actual NewProducer/Produce and NewS3Client/NewConsumer/Unwrap APIs.
• Clarified that current SDK resolvers fetch directly from S3 with local checksum validation, while POST /lfs/download is the proxy-verified HTTP path.
• Added the new invalid_integrity and temp_storage_failed download error docs.
• Replaced stale presigned-download wording in the demos doc.

Verification:

• git diff --check
• rg check for stale API/schema terms in the touched LFS docs