feat: add Docker Compose support

Add container-based deployment as an alternative to bare-metal pyinfra.

- systemd inside container reusing the existing deployer infrastructure
- chatmail-init.sh runs `cmdeploy run --ssh-host @local` on first boot,
  so the container self-deploys using the same code path as bare-metal
- Config via MAIL_DOMAIN env var (simple) or mounted chatmail.ini (advanced)
- External TLS support via TLS_EXTERNAL_CERT_AND_KEY for reverse proxy setups
- Image version tracking in /etc/chatmail-image-version for upgrade detection
- .git/ excluded, but version file mocked so git revparse still works
- Health check verifies postfix, dovecot, and nginx are listening

Files added:
- docker/chatmail_relay.dockerfile: multi-stage build (build + runtime)
- docker/chatmail-init.sh: first-boot deployment script
- docker/chatmail-init.service: systemd unit for init script
- docker/entrypoint.sh: container entrypoint (starts systemd)
- docker/healthcheck.sh: container health check
- docker/docker-compose.yaml: main compose config
- docker/docker-compose.ci.yaml: CI override (uses GHCR image)
- docker/docker-compose.override.yaml.example: customization template
- docker/build.sh: helper script
- doc/source/docker.rst: documentation
- .dockerignore: build context filter

docker/env.example

@@ -0,0 +1 @@
+MAIL_DOMAIN=chat.example.com