fix(docker): serialize build stages + bump SSH timeout

[alejandro-runner]

Why

The cold build on production t3.medium locked the host hard enough that SSH and SSM both became unresponsive. Required a reboot to recover.

Root cause: BuildKit runs independent stages in parallel by default. The Dockerfile has `rust-builder` and `web-builder` as independent stages, so the cold build was running:

• cargo release build with `-j 2` (~3 GB RSS)
• bun install + vite build with `NODE_OPTIONS=--max-old-space-size=2048` (2 GB)
• ...simultaneously, on a 4 GB instance with 4 GB swap

That blew past available memory + swap and the kernel locked.

Fix

1. Serialize the build stages. Add a no-op `COPY --from=rust-builder /artifacts/keycast /tmp/.rust-builder-done` as the first instruction of `web-builder`. BuildKit honors the cross-stage dependency and won't start web-builder until rust-builder finishes. Now the two heavy compilers run sequentially, never together.

2. Bump `command_timeout` from 30m to 60m on all four `appleboy/ssh-action` steps. A cold cargo + bun build on t3.medium with `-j 2` realistically takes 45-55 min. The previous 30m would kill the SSH session mid-build even on a healthy host.

After this lands

• Cold build: still ~45-55 min, but stays under the timeout and doesn't OOM the host.
• Warm builds: still fast (cache mounts reused), well under 60m.

Test plan

• Production EC2 recovered (manual reboot)
• Merge → confirm production deploy completes a cold build without locking the host
• Confirm `free -h` and `swapon --show` after build show healthy state
• Push a trivial follow-up commit → confirm warm build is fast
• Confirm SSH access remains available throughout the build (test from another terminal during deploy)

Follow-up worth doing

This whole class of problem goes away if we stop building on the production host. Build the image on the GitHub-hosted runner (16 GB RAM) and push to a registry; production just `docker compose pull && up -d`. Standard prod deploy pattern. Worth scheduling as the real fix.