Adopt Dagger CI for container builds (Phase 1) (#156)

## Summary

- Add Dagger Python module (`.dagger/`) with `build` and `publish` functions for container images
- Replace Docker buildx + skopeo composite action with `dagger call publish` in `build-container.yaml`
- BuildKit's native push is compatible with Zot — **skopeo workaround eliminated**
- Add Dagger CLI (v0.19.11) to forgejo-runner Dockerfile, bump runner to v2.6.0
- Bootstrap step in workflow curl-installs dagger if not in runner (for first build on v2.5.1 runner)
- Delete old `.forgejo/actions/build-push-image/` composite action
- Add GPLv3 LICENSE

## Verified locally

- `dagger call build --src=. --container-name=nettest` — builds ✓
- `dagger call publish --src=. --container-name=nettest --version=dagger-test` — pushed to Zot ✓
- `dagger call build --src=. --container-name=forgejo-runner` — new runner image builds ✓
- Dagger CLI accessible inside built runner image ✓

## Deployment sequence (after merge)

1. `mise run container-tag-and-release forgejo-runner v2.6.0` — old runner bootstraps dagger via curl, builds new runner
2. `argocd app sync forgejo-runner` — runner restarts with v2.6.0 (dagger baked in)
3. `mise run container-tag-and-release nettest v0.13.0` — end-to-end test of new pipeline
4. `mise run container-list` — verify tags

## Not included (future phases)

- Phase 2: docs build + Forgejo packages migration
- Phase 3: runner simplification (remove skopeo, Node.js, etc.)
- Phase 4: future workflows

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/156

.forgejo/workflows/build-container.yaml

@@ -2,6 +2,8 @@
 # Triggers on tags matching: <container>-v<version>
 # Builds from containers/<container>/Dockerfile if it exists
 #
+# Uses Dagger to build and push images to the Zot registry.
+#
 # Examples:
 #   nettest-v1.0.0  -> builds containers/nettest/
 #   devpi-v2.1.0    -> builds containers/devpi/
@@ -45,7 +47,6 @@ jobs:
           if [ -f "$CONTEXT/Dockerfile" ]; then
             echo "Found $CONTEXT/Dockerfile"
             echo "exists=true" >> "$GITHUB_OUTPUT"
-            echo "context=$CONTEXT" >> "$GITHUB_OUTPUT"
           else
             echo "No Dockerfile found at $CONTEXT/Dockerfile"
             echo "exists=false" >> "$GITHUB_OUTPUT"
@@ -67,10 +68,22 @@ jobs:
           echo ""
           echo "Skipping build."
 
-      - name: Build and push image
+      - name: Ensure Dagger CLI
         if: steps.check.outputs.exists == 'true'
-        uses: ./.forgejo/actions/build-push-image
-        with:
-          context: ${{ steps.check.outputs.context }}
-          image_name: blumeops/${{ steps.parse.outputs.container }}
-          version: ${{ steps.parse.outputs.version }}
+        run: |
+          # Bootstrap: install dagger if not already in the runner image.
+          # Remove once all runners include dagger (Phase 3).
+          if ! command -v dagger &>/dev/null; then
+            echo "Dagger not found, installing..."
+            curl -fsSL https://dl.dagger.io/dagger/install.sh | DAGGER_VERSION=0.19.11 sh
+            mv ./bin/dagger /usr/local/bin/dagger && rmdir ./bin
+          fi
+          dagger version
+
+      - name: Publish
+        if: steps.check.outputs.exists == 'true'
+        run: |
+          dagger call publish \
+            --src=. \
+            --container-name=${{ steps.parse.outputs.container }} \
+            --version=${{ steps.parse.outputs.version }}