fix(selfhost): sandbox optional AI CLI install#1404

Merged
JSONbored merged 1 commit into main from codex/propose-fix-for-root-npm-install-vulnerability
Jun 26, 2026

@JSONbored

Owner

Motivation

  • The Dockerfile previously ran an optional global npm install -g for AI CLIs as root after copying the application bundle, which allows npm lifecycle scripts to execute as root and potentially mutate /app during image build, creating a supply-chain risk.
  • The change aims to preserve the in-image convenience of installing the CLIs while removing the ability for their lifecycle hooks to modify the already-copied application bundle as root.

Description

  • Modified Dockerfile to set a user-owned npm prefix via NPM_CONFIG_PREFIX=/home/node/.npm-global and add it to PATH so global installs can be performed without root-owned global state.
  • Created and chowned /home/node/.npm-global and /home/node/.npm, switched to USER node to run the optional npm install -g @anthropic-ai/claude-code ... @openai/codex ... so lifecycle scripts run as the unprivileged user and cannot mutate /app during build, then restored USER root to continue the remaining build steps unchanged.
  • Kept the application bundle copy behavior the same (copy dist and migrations from build stage) and preserved the final USER node at runtime and the data-dir ownership setup.
  • Change is limited to Dockerfile and does not modify application code or tests.

Testing

  • git diff --check succeeded locally.
  • npm run test:ci started and progressed through actionlint (fell back to WASM setup due to network), db:migrations:check (72 migrations OK), and typecheck successfully, then reached test:coverage which hung in this environment and was interrupted, so the full gate did not complete here.
  • npm audit --audit-level=moderate failed in this environment due to the npm registry audit endpoint returning 403 Forbidden (environmental limitation), and Docker was unavailable for a local image build verification.

Codex Task
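
A lint for the pattern this PR removes, as an added example that is not part of the PR or the project's code: it walks a Dockerfile, tracks the effective USER per stage, and reports global npm installs whose lifecycle scripts would run as root. The Dockerfile fragments are constructed samples, and the checker assumes every stage starts as root and does not handle heredocs or ARG-expanded users.

```python
import re

# "npm install -g", "npm i --global", ... within one shell command
GLOBAL_INSTALL = re.compile(r"\bnpm\s+(?:install|i|add)\b[^&;|]*\s(?:-g|--global)\b")

def logical_lines(text):
    """Join backslash-continued lines; skip blanks and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def root_global_installs(dockerfile):
    """Return (files_already_copied, command) per global npm install run as root."""
    findings, user, copied = [], "root", False
    for line in logical_lines(dockerfile):
        instr, _, rest = line.partition(" ")
        instr = instr.upper()
        if instr == "FROM":  # assumption: each stage starts as root, nothing copied
            user, copied = "root", False
        elif instr == "USER":
            user = rest.strip().split(":")[0]
        elif instr in ("COPY", "ADD"):
            copied = True
        elif (instr == "RUN" and user in ("root", "0") and GLOBAL_INSTALL.search(rest)
              and "--ignore-scripts" not in rest):  # flag disables lifecycle scripts
            findings.append((copied, rest.strip()))
    return findings

# Constructed samples (not the project's Dockerfile): before and after the change.
BEFORE = r"""
FROM node:lts-slim
COPY --from=build /app/dist /app/dist
RUN npm install -g @anthropic-ai/claude-code \
    @openai/codex
USER node
"""
AFTER = r"""
FROM node:lts-slim
ENV NPM_CONFIG_PREFIX=/home/node/.npm-global PATH=/home/node/.npm-global/bin:$PATH
RUN mkdir -p /home/node/.npm-global /home/node/.npm && chown -R node:node /home/node/.npm-global /home/node/.npm
COPY --from=build /app/dist /app/dist
USER node
RUN npm install -g @anthropic-ai/claude-code @openai/codex
USER root
"""
```

`root_global_installs(BEFORE)` reports the install together with the fact that application files were already in the image; `root_global_installs(AFTER)` returns an empty list.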

@dosubot (bot) added the size:S label (This PR changes 10-29 lines, ignoring generated files.) on Jun 26, 2026
@superagent-security

Superagent didn't find any vulnerabilities or security issues in this PR.

@JSONbored JSONbored self-assigned this Jun 26, 2026
@JSONbored JSONbored merged commit 314ad9d into main Jun 26, 2026
15 checks passed
@JSONbored JSONbored deleted the codex/propose-fix-for-root-npm-install-vulnerability branch June 26, 2026 04:49

Labels

aardvark codex size:S This PR changes 10-29 lines, ignoring generated files.
