I don't think we want to expose any etherscan API keys we use. We also don't want to expose any private keys.
Not sure where this private key comes from, likely a ganache/anvil generated account, but nonetheless, I think the .env.example file is meant to be copied to .env and then changes are done there.
Few things:
.env.example
file is meant to be copied to.env
and then changes are done there.