
#11818: fix(docker): resolve build hang by using in-place ownership and optimized layers

by dilly open 2026-02-08 11:01
docker stale
This PR fixes a critical issue where the Docker build process hangs during the `chown -R` step, particularly on Linux and macOS environments with large build contexts or specific file systems.

Changes:

- In-place Ownership: Replaced `RUN chown -R node:node /app` with `COPY --chown=node:node`. This prevents the "Write Amplification" effect where Docker duplicates the entire application directory into a new layer just to update metadata.
- Build Performance: Reordered instructions to install dependencies before copying the full source code. This allows Docker to cache the `pnpm install` layer, making subsequent builds significantly faster.
- Security: Switched to `USER node` earlier in the process so that all generated build artifacts are owned by the non-root user by default.
- Fixed Bun accessibility by installing it to `/usr/local`, ensuring it remains on the PATH after switching to the non-root user.

Testing: Verified on a Linux environment where the previous Dockerfile would stall indefinitely at step [14/14]. The new process completes successfully and much faster.

Greptile Overview

Greptile Summary

This PR refactors the Dockerfile to avoid an expensive `chown -R /app` layer by using `COPY --chown`, and reorders the build to improve layer caching (copy lockfiles/package manifests → install deps → copy full source → build). It also switches to running as the non-root `node` user earlier so build artifacts and `node_modules` are owned by the unprivileged user.

The main behavioral impact is in the build/runtime user and file ownership model within the container; it should reduce build hangs and speed up rebuilds by keeping dependency installation cacheable.

Confidence Score: 3/5

- Reasonably safe to merge after fixing Bun availability when building as the node user.
- The Dockerfile change is small and targeted, but switching to `USER node` while keeping Bun installed under `/root` can break builds that rely on Bun being on PATH during pnpm scripts. Once Bun is installed/located correctly for the `node` user, the rest of the layer/ownership changes look consistent with the repo’s docker build flow.
- Dockerfile (Bun installation/PATH vs USER node)
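The layout described in this PR, sketched as an added example that is not the PR's diff or the project's own Dockerfile. The base image tag, the manifest file names, the `pnpm build` script and the use of `npm install -g` to place pnpm and Bun under `/usr/local` are assumptions.

```dockerfile
# Added example; not the project's Dockerfile. Image tag, file names and
# script names are assumptions.

# --- Before: the pattern the PR removes ----------------------------------
# FROM node:22-bookworm
# WORKDIR /app
# COPY . .
# RUN pnpm install --frozen-lockfile && pnpm build
# RUN chown -R node:node /app   # copies every file into a new layer
# USER node                     # only the final runtime is unprivileged

# --- After: in-place ownership, cacheable deps, early non-root -----------
FROM node:22-bookworm

# Root-only setup. Global npm installs land under /usr/local in the official
# node images, so the binaries stay on PATH for the `node` user (nothing is
# left under /root). Pin exact versions in a real build.
RUN npm install -g pnpm bun

# WORKDIR creates /app owned by root. Hand over the directory itself,
# non-recursively, so this layer changes one inode rather than the whole tree.
WORKDIR /app
RUN chown node:node /app

# Everything below runs unprivileged, so install and build output is owned
# by `node` from the moment it is written.
USER node

# Manifests first: this layer and the install layer are reused from cache
# until package.json or the lockfile changes.
COPY --chown=node:node package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile

# Full source, with ownership set at copy time instead of by a later chown.
COPY --chown=node:node . .
RUN pnpm build
```

After building, `docker run --rm <image> sh -c 'id -u; command -v bun'` should report a non-zero UID and a path under `/usr/local`, which is the condition the Greptile review asks for.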
