fix(docker): pre-create /data as dchain user so named volumes inherit ownership

Running Dockerfile.slim with a fresh named volume crashed on startup:

    [NODE] open chain: open badger: Error Creating Dir: "/data/chain"
    error: mkdir /data/chain: permission denied

Docker copies the mount-point's directory ownership (from the image)
into a new named volume at first attach. In the previous Dockerfile
/data was created implicitly by the VOLUME directive, which means it
was owned by root — but the container runs as the unprivileged
`dchain` user, so it couldn't `mkdir /data/chain` on first boot.

Fix: explicitly `mkdir /data && chown dchain:dchain /data` in the
same RUN that creates the user, before the VOLUME directive. Fresh
volumes now inherit dchain:dchain ownership automatically; no
operator-side `docker run --user root chown` workaround needed.

Operators already running with a root-owned volume from before this
fix need to chown once manually:

    docker run --rm -v dchain_data:/data --user root alpine \
      sh -c 'chown -R 100:101 /data'

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -46,7 +46,15 @@ RUN apk add --no-cache ca-certificates tzdata
|
|||||||
|
|
||||||
# Run as unprivileged user by default. Operators can override with --user root
|
# Run as unprivileged user by default. Operators can override with --user root
|
||||||
# if they need to bind privileged ports (shouldn't be necessary behind Caddy).
|
# if they need to bind privileged ports (shouldn't be necessary behind Caddy).
|
||||||
RUN addgroup -S dchain && adduser -S -G dchain dchain
|
#
|
||||||
|
# IMPORTANT: /data must exist + be owned by dchain BEFORE the VOLUME
|
||||||
|
# directive. Docker copies the directory ownership of the mount point
|
||||||
|
# into any fresh named volume at first-attach time; skip this and
|
||||||
|
# operators get "mkdir: permission denied" when the node tries to
|
||||||
|
# create /data/chain as the dchain user.
|
||||||
|
RUN addgroup -S dchain && adduser -S -G dchain dchain \
|
||||||
|
&& mkdir -p /data \
|
||||||
|
&& chown dchain:dchain /data
|
||||||
|
|
||||||
COPY --from=builder /bin/node /usr/local/bin/node
|
COPY --from=builder /bin/node /usr/local/bin/node
|
||||||
COPY --from=builder /bin/client /usr/local/bin/client
|
COPY --from=builder /bin/client /usr/local/bin/client
|
||||||
|
|||||||
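Review bot: the added `RUN addgroup -S dchain && adduser -S -G dchain dchain \` line does not pin the UID or GID, yet the commit message tells operators with existing volumes to run `chown -R 100:101 /data`. Those numbers are only whatever the base image happens to allocate next; if the base image or the earlier `apk add` step ever creates another system user or group, dchain gets different IDs. A named volume keeps the ownership it received at first attach, so every volume created or manually chowned under the old IDs would fail again with the same "permission denied". Suggest fixing the IDs in this RUN, for example `addgroup -S -g 101 dchain && adduser -S -u 100 -G dchain dchain`, and stating the numeric IDs in the comment block above it so the Dockerfile and the operator instructions cannot drift apart.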