feat(deploy): merge Phase 5a deployment configuration

Complete containerized deployment system with Docker/Podman support.

Key features:
- Multi-stage Dockerfile with Python 3.11-slim base
- Docker Compose configurations for production and development
- Nginx reverse proxy with security headers and rate limiting
- Systemd service units for Docker, Podman, and docker-compose
- Backup/restore scripts with integrity verification
- Podman compatibility (ADR-009)

All tests pass including Podman verification testing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

deployment/docker/entrypoint.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+# Gondulf Container Entrypoint Script
+# Handles runtime initialization for both Podman and Docker
+
+set -e
+
+echo "Gondulf IndieAuth Server - Starting..."
+
+# Ensure data directory exists with correct permissions
+if [ ! -d "/data" ]; then
+    echo "Creating /data directory..."
+    mkdir -p /data
+fi
+
+# Create backups directory if it doesn't exist
+if [ ! -d "/data/backups" ]; then
+    echo "Creating /data/backups directory..."
+    mkdir -p /data/backups
+fi
+
+# Set ownership if running as gondulf user (UID 1000)
+# In rootless Podman, UID 1000 in container maps to host user's subuid range
+# This chown will only succeed if we have appropriate permissions
+if [ "$(id -u)" = "1000" ]; then
+    echo "Ensuring correct ownership for /data..."
+    chown -R 1000:1000 /data 2>/dev/null || true
+fi
+
+# Check if database exists, if not initialize it
+# Note: Gondulf will auto-create the database on first run
+if [ ! -f "/data/gondulf.db" ]; then
+    echo "Database not found - will be created on first request"
+fi
+
+echo "Starting Gondulf application..."
+echo "User: $(whoami) (UID: $(id -u))"
+echo "Data directory: /data"
+echo "Database location: ${GONDULF_DATABASE_URL:-sqlite:////data/gondulf.db}"
+
+# Execute the main command (passed as arguments)
+exec "$@"