fix(docker): chown install dirs on HERMES_UID remap (#27221)

[Linux2010]

What broke

When HERMES_UID is remapped (e.g. to 99 for Unraid/Synology), usermod -u only auto-updates ownership inside the user's home directory ($HERMES_HOME). Files under $INSTALL_DIR/ui-tui/ and $INSTALL_DIR/gateway/ retain build-time UID 10000, causing:

• TUI dashboard esbuild fails to write to dist/ → EACCES
• Python fails to create __pycache__ under gateway/ → permission errors

Root cause

In docker/entrypoint.sh, the usermod -u chown block only covers $HERMES_HOME and $INSTALL_DIR/.venv. The install directories ui-tui/ and gateway/ are not included, so they keep their build-time owner after UID remap.

Why this fix is minimal

Adds a loop to chown ui-tui/ and gateway/ to the remapped hermes user, following the exact same pattern as the existing .venv chown. Each directory is guarded by -d (existence check) and stat -c %u (UID comparison) so it only runs when needed. Non-rootless Podman users and unremapped installs are unaffected.

What I tested

Added tests/docker/test_entrypoint_uid_remap.py:

• test_ui_tui_chown_present — ui-tui/ referenced in needs_chown block
• test_gateway_chown_present — gateway/ referenced in needs_chown block
• test_chown_uses_hermes_user — loop uses hermes:hermes
• test_chown_guarded_by_directory_check — -d guard present
• test_chown_guarded_by_uid_check — stat -c %u guard present

What I intentionally did not change

• $HERMES_HOME chown behavior
• .venv chown behavior
• Any non-Docker deployment paths
• Config file permission handling

[Linux2010]

Closing due to multiple CI failures (attribution + test + ruff). PR is stale (created May 17). Will re-create if still needed after attribution fix.