
Add Docker-focused implementation skill for Dockerfiles, image hardening, and secret-safe builds #375

Merged
nicobistolfi merged 1 commit into main from vigilante/issue-363-add-a-docker-focused-vigilante-implementation-skill-for-dockerfiles-image-hardening-and-secret-safe-builds
Apr 2, 2026


@nicobistolfi
Collaborator

Summary

  • Adds TechStackDocker detection to repository classification — recognizes Dockerfile*, docker-compose.yml/compose.yml, and .dockerignore as Docker signals, recorded in ProcessHints.DockerFiles.
  • Creates a dedicated vigilante-issue-implementation-on-docker skill with SKILL.md covering pinned base images, multi-stage builds, explicit WORKDIR, secret-safe builds (no ARG/ENV secrets, BuildKit secret mounts), non-root runtime, .dockerignore, and validation.
  • Adds Docker security guidance to the prompt injection layer (security.go) so Docker-detected repos receive container-specific guidance alongside any language-specific guidance.
  • Skill selection: traditional + Docker (no Go) → Docker skill; traditional + Go + Docker → Go skill with Docker guidance injected; monorepo → monorepo skill with Docker guidance injected.
  • Comprehensive test coverage: 5 detection tests in repo_test.go, 8 skill selection and guidance tests in skill_test.go.

Test plan

  • go test ./internal/repo/... -race -count=1 — Docker detection tests pass
  • go test ./internal/skill/... -race -count=1 — skill selection and guidance injection tests pass
  • go test ./... -race -count=1 — full suite passes with no regressions
  • go vet ./... — clean
  • gofmt — no formatting issues

Closes #363

…s, image hardening, and secret-safe build guidance
@nicobistolfi nicobistolfi force-pushed the vigilante/issue-363-add-a-docker-focused-vigilante-implementation-skill-for-dockerfiles-image-hardening-and-secret-safe-builds branch from 5eae0dc to 08d8a92 Compare April 2, 2026 00:42
@nicobistolfi nicobistolfi merged commit 34226b7 into main Apr 2, 2026
1 check passed
@nicobistolfi nicobistolfi deleted the vigilante/issue-363-add-a-docker-focused-vigilante-implementation-skill-for-dockerfiles-image-hardening-and-secret-safe-builds branch April 2, 2026 02:35
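
Three of the rules the summary lists (pinned base images, no ARG/ENV secrets, non-root runtime) can be checked mechanically. The sketch below is an added example, not code from this PR or from Vigilante; `LintDockerfile`, the `secretName` pattern and the sample Dockerfile are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed heuristic for secret-looking ARG/ENV names; tune it for your repos.
var secretName = regexp.MustCompile(`(?i)secret|token|passw|api_?key|credential`)

// Constructed sample, not taken from the PR.
const weak = "FROM node:latest\nARG NPM_TOKEN\nENV API_KEY=abc123\nRUN npm ci\n"

// LintDockerfile (hypothetical) reads one instruction per line; no continuations or heredocs.
func LintDockerfile(src string) (out []string) {
	add := func(format string, a ...any) { out = append(out, fmt.Sprintf(format, a...)) }
	stages, user, last := map[string]bool{}, "", 0
	for i, line := range strings.Split(src, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		switch strings.ToUpper(f[0]) {
		case "FROM":
			user, last = "", i+1 // judge each stage on its own lines
			for len(f) > 2 && strings.HasPrefix(f[1], "--") {
				f = f[1:] // skip flags such as --platform
			}
			ref := f[1][strings.LastIndex(f[1], "/")+1:] // drop registry host and port
			if (!strings.Contains(ref, ":") || strings.HasSuffix(ref, ":latest")) && !stages[f[1]] && f[1] != "scratch" {
				add("line %d: base image %q has no fixed tag or digest", i+1, f[1])
			}
			if len(f) >= 4 && strings.EqualFold(f[2], "AS") {
				stages[f[3]] = true // a later "FROM <stage>" is not a registry pull
			}
		case "ARG", "ENV":
			for _, kv := range f[1:] {
				if key, _, _ := strings.Cut(kv, "="); secretName.MatchString(key) {
					add("line %d: secret-like %s %q; use a BuildKit secret mount", i+1, f[0], key)
				}
			}
		case "USER":
			user = f[1]
		}
	}
	if u, _, _ := strings.Cut(user, ":"); last > 0 && (u == "" || u == "root" || u == "0") {
		add("stage at line %d: runs as root; add a non-root USER", last)
	}
	return out
}

func main() { fmt.Println(strings.Join(LintDockerfile(weak), "\n")) }
```

A fixed tag passes the first check, but a tag can be repointed; pinning by digest is the stronger form.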

Development

Successfully merging this pull request may close these issues.

Add a Docker-focused Vigilante implementation skill for Dockerfiles, image hardening, and secret-safe builds
