feat: add production container support with health check endpoint

Implements Phase 5 containerization specification:
- Add /health endpoint for container monitoring
- Create multi-stage Containerfile (Podman/Docker compatible)
- Add compose.yaml for orchestration
- Add Caddyfile.example for reverse proxy (auto-HTTPS)
- Add nginx.conf.example as alternative
- Update .env.example with container and RSS feed variables
- Add gunicorn WSGI server to requirements.txt

Container features:
- Multi-stage build for smaller image size
- Non-root user (starpunk:1000)
- Health check with database connectivity test
- Volume mount for data persistence
- Resource limits and logging configuration
- Security headers and HTTPS configuration examples

Health check endpoint:
- Tests database connectivity
- Verifies filesystem access
- Returns JSON with status, version, and environment

Following Phase 5 design in docs/designs/phase-5-rss-and-container.md

compose.yaml

@@ -0,0 +1,107 @@
+# StarPunk Container Composition
+# Podman Compose and Docker Compose compatible
+#
+# Usage:
+#   podman-compose up -d    # Start in background
+#   podman-compose logs -f  # Follow logs
+#   podman-compose down     # Stop and remove
+#
+# Docker:
+#   docker compose up -d
+#   docker compose logs -f
+#   docker compose down
+
+version: '3.8'
+
+services:
+  starpunk:
+    # Container configuration
+    image: starpunk:0.6.0
+    container_name: starpunk
+
+    # Build configuration
+    build:
+      context: .
+      dockerfile: Containerfile
+
+    # Restart policy - always restart unless explicitly stopped
+    restart: unless-stopped
+
+    # Port mapping
+    # Only expose to localhost for security (reverse proxy handles external access)
+    ports:
+      - "127.0.0.1:8000:8000"
+
+    # Environment variables
+    # Load from .env file in project root
+    env_file:
+      - .env
+
+    # Override specific environment variables for container
+    environment:
+      # Flask configuration
+      - FLASK_APP=app.py
+      - FLASK_ENV=production
+      - FLASK_DEBUG=0
+
+      # Data paths (container internal)
+      - DATA_PATH=/data
+      - NOTES_PATH=/data/notes
+      - DATABASE_PATH=/data/starpunk.db
+
+      # Application metadata
+      - VERSION=0.6.0
+      - ENVIRONMENT=production
+
+    # Volume mounts for persistent data
+    # All application data stored in ./container-data on host
+    volumes:
+      - ./container-data:/data:rw
+      # Note: Use :Z suffix for SELinux systems (Fedora, RHEL, CentOS)
+      # - ./container-data:/data:rw,Z
+
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "python3", "-c", "import httpx; httpx.get('http://localhost:8000/health', timeout=2.0)"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 10s
+
+    # Resource limits (optional but recommended)
+    # Adjust based on your server capacity
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'
+          memory: 512M
+        reservations:
+          cpus: '0.25'
+          memory: 128M
+
+    # Logging configuration
+    # Rotate logs to prevent disk space issues
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    # Network configuration
+    networks:
+      - starpunk-net
+
+# Network definition
+networks:
+  starpunk-net:
+    driver: bridge
+    # Optional: specify subnet for predictable IPs
+    # ipam:
+    #   config:
+    #     - subnet: 172.20.0.0/16
+
+# Optional: Named volumes for data persistence
+# Uncomment if you prefer named volumes over bind mounts
+# volumes:
+#   starpunk-data:
+#     driver: local