
[deploy] Alloy admin server binds 0.0.0.0:12345 inside compose network — reachable by any future sidecar #289

Description

@obchain

PR: #55 (feat/27-docker-compose)
Files: deploy/compose/docker-compose.yml (alloy service, command block)

The Alloy container is started with:

command:
  - "--server.http.listen-addr=0.0.0.0:12345"

This binds Alloy's built-in HTTP admin/UI server on all interfaces inside the compose network. Although no ports: entry publishes 12345 to the host, any container attached to charon_net can reach alloy:12345 directly over the internal network. This endpoint exposes:

  • The rendered River config (which includes the Grafana Cloud endpoint URL structure)
  • The /-/reload config-reload handler
  • Alloy's internal component graph and debug endpoints

If a future sidecar (log shipper, node exporter, backup agent) is added to the stack without full review, or if the charon container itself is compromised, an attacker can reach alloy:12345 to extract remote_write configuration or trigger a config reload pointing at an attacker-controlled endpoint.

Suggested fix: Restrict the bind address to localhost inside the Alloy container:

command:
  - "--server.http.listen-addr=127.0.0.1:12345"

The compose topology has no service that needs to reach the Alloy UI over the network. Localhost-only binding provides isolation with no functionality loss. If the operator wants to inspect the Alloy UI during debugging, docker compose exec alloy plus a local port-forward provides access.
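As an added review check (not part of this issue or the project's code), the script below scans a compose file for Alloy --server.http.listen-addr flags that bind a non-loopback address; the compose fragments are constructed to mirror the finding and the suggested fix.

```python
"""Flag Alloy listen-addr flags in a docker-compose file that are not loopback-only.
Added example, not project code; the compose text below is constructed."""
import re

# host is either a bracketed IPv6 literal or anything up to the port separator
LISTEN_RE = re.compile(
    r"--server\.http\.listen-addr=(?P<host>\[[^\]]*\]|[^:\s'\"]*):(?P<port>\d+)"
)
# Any of these makes the port reachable from every peer on the compose network.
NON_LOOPBACK = {"", "0.0.0.0", "[::]"}


def find_exposed_listeners(compose_text):
    """Return (line_number, host, port) for each listen-addr that is not loopback-only."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), start=1):
        m = LISTEN_RE.search(line)
        if m and m.group("host") in NON_LOOPBACK:
            findings.append((lineno, m.group("host"), int(m.group("port"))))
    return findings


# Constructed 'before' fragment: the bind reported in the issue.
VULNERABLE = """\
services:
  alloy:
    image: grafana/alloy
    command:
      - "--server.http.listen-addr=0.0.0.0:12345"
    networks: [charon_net]
"""

# Constructed 'after' fragment: the suggested localhost-only bind.
FIXED = VULNERABLE.replace("0.0.0.0:12345", "127.0.0.1:12345")

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, find_exposed_listeners(text))
```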

Refs #55

Metadata

Assignees

No one assigned

Labels

  • bug (Something isn't working)
  • layer:devops (CI / deploy / infra / telemetry)
  • pr-review (Findings from PR review process)
  • priority:p1-core (Core MVP scope)
  • status:ready (Scoped and ready to pick up)

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests