feat: Add sovereign infrastructure stack (Gitea + SeaweedFS)

Separate infrastructure services from application stack for operational
resilience. Following Gemini's architectural guidance.

Infrastructure Services:
- Gitea (git.corrosionmgmt.com) - Source control, CI/CD, releases
  * SQLite database (self-contained)
  * Port 8090: Web UI
  * Port 2222: SSH

- SeaweedFS (cdn.corrosionmgmt.com) - S3-compatible object storage
  * Port 8091: Filer UI (primary CDN interface)
  * Port 8092: S3 API (programmatic access)
  * Port 9333: Master UI (internal admin)
  * Port 8080: Volume server (internal)

Benefits:
- Restarting Corrosion app doesn't affect Git/CDN services
- No shared database dependencies (Gitea uses SQLite)
- Clear separation between infrastructure and application concerns
- Foundation for plugin ecosystem and map hosting

Deployment:
cd infra && docker compose up -d

See infra/README.md for full setup instructions and NPM configuration.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

infra/docker-compose.yml

@@ -0,0 +1,52 @@
+version: "3.8"
+
+# Corrosion Infrastructure Stack (Sovereign Stack)
+# Separate from application stack for resilience
+# Domains: git.corrosionmgmt.com, cdn.corrosionmgmt.com
+
+services:
+  # ---------------------------------------------------------------------------
+  # TARGET 1: GITEA (Source Control & CI/CD Hub)
+  # Domain: git.corrosionmgmt.com
+  # ---------------------------------------------------------------------------
+  gitea:
+    image: gitea/gitea:latest
+    container_name: corrosion-gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - GITEA__database__DB_TYPE=sqlite3
+      - GITEA__server__DOMAIN=git.corrosionmgmt.com
+      - GITEA__server__SSH_DOMAIN=git.corrosionmgmt.com
+      - GITEA__server__ROOT_URL=https://git.corrosionmgmt.com/
+      - GITEA__security__INSTALL_LOCK=true # Change to false if fresh install fails
+    restart: always
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "8090:3000"  # Web UI (Map to git.corrosionmgmt.com)
+      - "2222:22"    # SSH (git clone ssh://git@git.corrosionmgmt.com:2222/...)
+
+  # ---------------------------------------------------------------------------
+  # TARGET 2: SEAWEEDFS (S3 Artifact Storage & CDN)
+  # Domain: cdn.corrosionmgmt.com
+  # ---------------------------------------------------------------------------
+  seaweedfs:
+    image: chrislusf/seaweedfs:latest
+    container_name: corrosion-cdn
+    # Running in "server" mode starts Master + Volume + Filer + S3 in one go
+    command: "server -s3 -filer -dir=/data -s3.port=8333 -filer.port=8888 -master.port=9333 -volume.port=8080"
+    restart: always
+    volumes:
+      - ./seaweedfs:/data
+    ports:
+      - "8091:8888" # Filer UI & CDN (Map to cdn.corrosionmgmt.com)
+      - "8092:8333" # S3 API (For CI/CD Artifact Uploads)
+      - "9333:9333" # Master (Internal Admin)
+      - "8080:8080" # Volume (Internal Data)
+
+networks:
+  default:
+    name: corrosion_infra