fix(docker): resolve self-hosting build and OAuth troubleshooting issues

[Honey-pg]

Align Docker with CI using Node 22 and pinned pnpm 11.9, copy pnpm-workspace.yaml for non-interactive build scripts, add native build tools, and improve auth logging for self-hosted deployments.

Summary

Fixes common Docker self-hosting failures on fresh clones: unpinned Corepack/pnpm version mismatches, ERR_PNPM_IGNORED_BUILDS from missing workspace config during image build, native module compile failures without build tools, and opaque GitHub OAuth errors. Aligns the Docker toolchain with CI (Node 22 + pnpm 11.9) and adds startup auth diagnostics for VPS troubleshooting.

Closes #2874

---

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 💥 Breaking change (fix or feature that changes existing behavior)
• 📝 Documentation update
• ♻️ Refactor / code cleanup (no functional change)
• ⚡ Performance improvement
• 🔒 Security fix
• 🧪 Tests only

---

What Changed

• Dockerfile: Bump base image to node:22-alpine; pin pnpm via corepack prepare pnpm@11.9.0 --activate; copy pnpm-workspace.yaml before install; add python3, make, and g++ in deps/development stages
• package.json: Add "packageManager": "pnpm@11.9.0"; update engines.node to "20.x || 22.x"; remove deprecated pnpm.onlyBuiltDependencies (canonical config is in pnpm-workspace.yaml)
• src/lib/auth-config.ts: New startup validation for GitHub/NextAuth env vars; optional AUTH_DEBUG logging helpers
• src/lib/auth.ts: Wire NextAuth debug + logger; improve [auth] log messages during sign-in
• docs/self-hosting.md / README.md: Add Docker build troubleshooting (pnpm, ignored builds, native deps, OAuth error=github, AUTH_DEBUG)

---

How to Test

1. Clone the branch and run docker compose build --no-cache
2. Run docker compose up and confirm the app starts at http://localhost:3000
3. Hit /api/auth/providers without GitHub/NextAuth env vars set and check logs for [auth] Self-hosting configuration issues and [nextauth] messages

Expected result: pnpm install completes without ERR_PNPM_IGNORED_BUILDS; native packages (sharp, esbuild, tree-sitter) build successfully; container starts; auth misconfiguration produces actionable log output instead of silent OAuth failures.

---

Checklist

• Linked the related issue above
• Self-reviewed my own diff
• No unnecessary console.log, debug code, or commented-out blocks
• npm run lint passes locally
• No TypeScript errors (npm run type-check)
• Added or updated tests where applicable
• Updated documentation / comments if behavior changed

---

Accessibility (UI changes only)

• Keyboard navigation works correctly
• Color contrast meets WCAG AA standard
• ARIA labels / roles added where needed
• Tested on mobile / responsive layout

---

Additional Context

• Verified locally: docker compose build --no-cache and docker compose up succeed; auth diagnostics appear when hitting /api/auth/providers with missing env vars.
• docker-compose.yml still targets the development stage (npm run dev). Self-hosters wanting a production image should build the Dockerfile production target directly — documented in docs/self-hosting.md.
• Set AUTH_DEBUG=true in .env for verbose NextAuth OAuth logs during self-hosting setup.

[github-actions]

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

• level:beginner — 20 pts
• level:intermediate — 35 pts
• level:advanced — 55 pts
• level:critical — 80 pts

Quality (optional):

• quality:clean — ×1.2 multiplier
• quality:exceptional — ×1.5 multiplier

Validation (required to score):

• gssoc:approved — counts for points
• gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus