#8350: install gemini-cli inside docker container to allow for gemini-cli OAuth

closes #7377 <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR updates the `Dockerfile` to install `@google/gemini-cli` globally inside the Node-based container image so users can complete Gemini CLI OAuth from within the container (closing #7377). The change happens late in the Docker build, after `pnpm build` and `chown`, and the container continues to run as the non-root `node` user at runtime. <h3>Confidence Score: 4/5</h3> - This PR is likely safe to merge, but it introduces a non-pinned root-level global npm install that affects reproducibility and supply-chain exposure. - Only a small Dockerfile change is introduced and it’s unlikely to break runtime behavior, but pulling an unpinned global package during image build can lead to nondeterministic builds and larger security surface area if upstream changes. - Dockerfile <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} **Context used:** - Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8)) - Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13)) <!-- /greptile_comment -->