#11478: Chore: add Dockerfile HEALTHCHECK and debug-log silent catch blocks

#### Summary Added HEALTHCHECK to the Dockerfile and added debug logging to silent catch blocks in 3 files. No behavior changes. lobster-biscuit #### Why This Matters HEALTHCHECK lets container orchestrators (Docker Compose, Swarm, K8s) detect an unresponsive gateway and restart it automatically. Uses Node 22 native `fetch()` against the `/health` endpoint every 30s. Silent catch blocks were making debugging harder. They now log via `getLogger().debug()` — crash behavior unchanged. #### Tests - `pnpm build` and `pnpm check` pass - No new tests — logging-only and Dockerfile changes #### Manual Testing 1. `docker build -t openclaw-test .` then `docker inspect` shows HEALTHCHECK 2. Debug logs only appear when actual errors occur during gateway operation #### Evidence - `Dockerfile` — added HEALTHCHECK - `src/infra/update-startup.ts` — log update check failures - `src/agents/model-auth.ts` — log auth profile resolution failures - `src/gateway/server-close.ts` — log shutdown cleanup failures (pluginServices, configReloader, browserControl) Telegram catch blocks (`withTelegramApiErrorLogging` already handles logging), media-understanding speculative JSON parse blocks, and cleanup/finally blocks were intentionally left unchanged. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR adds a Dockerfile HEALTHCHECK that probes the gateway’s `/health` endpoint via Node’s built-in `fetch()`, and replaces a few silent `catch {}` blocks with `getLogger().debug(...)` calls in the auth profile resolver, gateway shutdown handler, and update check scheduler. The logging changes are localized and keep control flow the same; the main behavioral impact is the new container health probe, which will affect how orchestrators classify the service as healthy/unhealthy. <h3>Confidence Score: 3/5</h3> - This PR is mostly safe, but the Docker HEALTHCHECK may mark containers unhealthy depending on gateway /health auth behavior. - The code changes are small and limited to logging, but the Dockerfile HEALTHCHECK introduces a new runtime contract with orchestrators. If `/health` requires auth under the default container config, the container will flap unhealthy and be restarted despite the gateway running normally. - Dockerfile <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->