Configure DinD to use Zot as pull-through registry mirror (#183)

## Summary
- Add `daemon.json` with `registry-mirrors` to the forgejo-runner ConfigMap, pointing DinD at `http://host.minikube.internal:5050`
- Mount `daemon.json` into the DinD sidecar at `/etc/docker/daemon.json` via `subPath`
- Docker Hub pulls during Dagger CI builds will now route through Zot's pull-through cache, reducing bandwidth and avoiding rate limits

## Deployment and Testing
- [ ] `argocd app sync forgejo-runner`
- [ ] Exec into DinD container: `docker info` should show the registry mirror
- [ ] Trigger a workflow build and check Zot logs for cache hits

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/183

argocd/manifests/forgejo-runner/configmap.yaml

@@ -22,3 +22,7 @@ data:
       network: "host"
       # Connect to DinD sidecar via TCP (not socket)
       docker_host: tcp://127.0.0.1:2375
+  daemon.json: |
+    {
+      "registry-mirrors": ["http://host.minikube.internal:5050"]
+    }

argocd/manifests/forgejo-runner/deployment.yaml

@@ -77,6 +77,10 @@ spec:
           volumeMounts:
             - name: dind-storage
               mountPath: /var/lib/docker
+            - name: config
+              mountPath: /etc/docker/daemon.json
+              subPath: daemon.json
+              readOnly: true
 
       volumes:
         - name: data

docs/changelog.d/feature-dind-zot-registry-mirror.infra.md

@@ -0,0 +1 @@
+Configure DinD sidecar to use Zot as a pull-through registry mirror for Docker Hub images, reducing bandwidth and avoiding rate limits during Dagger CI builds.