fix(docker): normalize NODE_PATH and harden Dockerfile installs; use curl -fsSL; consolidate Alpine apk installs; update .dockerignore; bump @git.zone/tsdocker devDependency

Dockerfile

@@ -20,10 +20,7 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio
         ca-certificates \
         gpg-agent \
         curl \
-        g++ \
-        gcc \
         git \
-        make \
         openssl \
         python3 \
         rsync \
@@ -32,7 +29,8 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio
         unzip \
         iputils-ping \
         dnsutils \
-        tini
+        tini \
+    && apt-get clean
 
 # Layer 2: Chromium + Puppeteer/Playwright browser deps
 RUN apt-get install -y -q --no-install-recommends \
@@ -72,7 +70,9 @@ RUN apt-get install -y -q --no-install-recommends \
         libayatana-appindicator3-1 \
         libnss3 \
         lsb-release \
-        xdg-utils
+        xdg-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 
 # Layer 3: MongoDB 8.0
 RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
@@ -85,7 +85,7 @@ RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
     && rm -rf /var/lib/apt/lists/*
 
 # Install nvm with node and npm
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Prepend to bashrc, before the "[ -z "$PS1" ] && return" line
@@ -119,7 +119,7 @@ RUN nvm install $NODE_VERSION_STABLE \
     && pnpm -v \
     && pnpm config set unsafe-perm true
 
-ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_STABLE/lib/node_modules
+ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/bin:$PATH
 
 # Install Bun