feat: add privileged container mode for apps

[P4PER]

Summary

• Adds a "Privileged Mode" checkbox in the Container Configuration section under Security Context
• When enabled, sets securityContext.privileged: true on the Kubernetes container spec
• Required for Docker-in-Docker workloads such as CI/CD runners (Gitea Actions, GitLab Runner, etc.)

Changes

• prisma/schema.prisma: Add securityContextPrivileged field to App model
• migration.sql: ALTER TABLE ADD COLUMN migration
• app-container-config.model.ts: Add field to Zod validation schema
• app-container-config.tsx: Add checkbox UI with description
• actions.ts: Persist field on save
• deployment.service.ts: Set securityContext.privileged on container spec

Test plan

• yarn test — no regressions (existing failures are unrelated)
• TypeScript type check passes
• Deploy app with privileged mode enabled, verify pod has securityContext.privileged: true
• Deploy app without privileged mode, verify no securityContext is set

[vercel]

@P4PER is attempting to deploy a commit to the biersoeckli Team on Vercel.

A member of the Team first needs to authorize it.

[biersoeckli]

Hey @P4PER

Thanks for submitting a pr for your issue #75.

I added a small change wich cleans up the UI of the whole "Container Configuration"-Card. After merging a new canary version of QuickStack will be created. if you want to use the new feature before the next QuickStack release, change the release channel of your QuickStack instance to "canary". Be aware that this channel is experimental and not recommended for production clusters.

Thanks again for contributing :)