Migrate from remote driver to docker-container driver

[dash14]

Why

The remote driver had several limitations:

• TCP port exposure required — buildkitd listened on a TCP port (1234) for the host to connect, adding attack surface and requiring iptables rules to block access from build containers
• docker-compose dependency — container lifecycle (network, volume, port mapping) was managed via compose, adding complexity to both the setup action and local development

The docker-container driver resolves all of these:

• No TCP port exposure — communication uses Docker's internal mechanism, eliminating the need for port mapping and iptables hardening
• Single command setup — docker buildx create handles container lifecycle, with built-in cleanup via docker buildx rm

Changes

• Replace s6-rc (compile-time service graph) with s6-svscan (runtime supervision) and add a custom entrypoint.sh` for init scripts + service startup
• Remove compose.yml, setup/compose.yml, and compose.test.yml network/volume definitions that were only needed for the remote driver
• Refactor setup/main.mjs to call docker buildx create directly with driver-opts instead of docker-compose up
• Refactor report/main.mjs to use docker exec on the buildkit container instead of relying on compose service names
• Update test.yml to use ./setup and ./report actions directly, serving as E2E tests for the actions themselves
• Remove leftover remote driver references from example workflows, docs, and iptables rules (TCP port 1234)
• Update architecture and report diagrams