#15466: Vps setup merge
scripts
docker
stale
size: L
Cluster: Docker and Deployment Improvements
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR updates the Docker/VPS deployment setup by expanding the main `Dockerfile` to install additional tooling (gh, 1Password CLI, Homebrew + brew-installed tools, clawhub) and adjusting the build steps, plus revising `docker-compose.yml` to add a Gluetun (WireGuard) VPN sidecar, custom network/IPs, and a dedicated `openclaw-browser` service.
Key issues to resolve before merge:
- `openclaw.json` is committed as invalid JSON, which will cause config loading paths (e.g. configure/onboard/doctor flows) to fail fast.
- The compose/browser changes expose Chrome DevTools Protocol (CDP) on a public bind + host-published port, and also publish the bridge port on all interfaces, creating unsafe default network exposure.
- The Dockerfile grants passwordless sudo to the `node` user, negating the prior “run as non-root” hardening boundary.
<h3>Confidence Score: 2/5</h3>
- This PR is not safe to merge until the invalid config and default network/security exposures are addressed.
- The changes introduce a committed invalid `openclaw.json` that will break config reads, expand default container privileges via passwordless sudo, and expose sensitive ports (CDP/bridge) on host interfaces by default, which is a concrete security regression.
- openclaw.json, docker-compose.yml, Dockerfile
<sub>Last reviewed commit: bdf192a</sub>
<!-- /greptile_comment -->
Most Similar PRs
#8050: fix: docker hardening
by christopherbarnett96 · 2026-02-03
82.6%
#7133: feat: Automated Docker setup with environment-based configuration
by synetalsolutions · 2026-02-02
81.2%
#11553: feat(docker): add sandbox browser service and documentation
by dangphdh · 2026-02-08
81.0%
#9999: Docker: fix token mismatch and add dev setup workflow
by benclarkeio · 2026-02-06
80.8%
#9190: feat(docker): Add autonomous container self-restart and runtime pac...
by alexdredmon · 2026-02-05
79.4%
#7342: fix(docker): ensure readability of docker-setup.sh
by esc-ouni · 2026-02-02
79.0%
#21305: Fix/proxy-ip-allow-list
by janaka · 2026-02-19
78.7%
#13950: fix(docker): add browser sidecar service and health checks
by n24q02m · 2026-02-11
78.6%
#4695: Fixed the default CLI image to use published GHCR image
by TASMAYU · 2026-01-30
78.3%
#12504: fix: allow docker cli container to connect to gateway
by bvanderdrift · 2026-02-09
78.2%